WADIFF Consulting help Clear Review get ISO27001 certification

Clear Review provides a platform to help companies drive employee performance improvement and provide measurements that companies require to make business decisions. Clear Review already had Cyber Essentials Plus; getting ISO27001 certification was the next step to ensure there is a robust security framework covering all areas of the company, from onboarding clients and their… Read More

More companies offering solutions to help meet Data Protection requirements

With the GDPR, the CCPA and other requirements coming into force, companies need tools to help them meet requirements in areas such as identifying and mapping personal data, keeping it secure, managing consent, dealing with requests from data subjects exercising their rights and with incidents. The number of companies offering solutions has increased by over… Read More

WADIFF Consulting help any-3 get ISO27001 certification

any-3 provides bespoke surveys around engagement, diversity and self-assessments to high-profile corporates and public sector organisations. Clients expect data to be kept secure and may undertake audits or run tests with any-3 to confirm everything is in place to protect the confidentiality, integrity and availability of data. Getting ISO27001 certification was the next step… Read More

Does your Business Continuity plan cover the impact of Coronavirus? It should

A Business Continuity Plan (BCP) defines how unplanned circumstances will be managed so organisations can continue running and, for ISO27001, maintaining the confidentiality, integrity and availability of Information Assets. Coronavirus could have an impact on many organisations. Staff may need to ‘self isolate’ and work from home for extended periods. In the worst case, key… Read More

Let’s talk about Information transfer policies and procedures (ISO27001 Annex A Control 13.2.1)

Questions about how to address this control are usually raised by clients early on in discussions on how to implement ISO27001 requirements. “What is meant by transfer?” and “Do we really need complex procedures as that isn’t going to work with our culture” are typical. The ISO27001 document gives the outline “Formal transfer policies, procedures…..protect… Read More

Highlights from our work in 2019

2019 was the year when we worked in more business sectors to help with Information and Cyber Security and data protection requirements. ISO27001: Helped 3 SMEs get ISO27001 certification. Worked with 4 organisations on their ISO27001 Surveillance programmes. This included updating of risk assessments, doing internal audits and running desktop tests of business continuity plans… Read More

Data Protection with a hard Brexit – you might not need a representative in the UK

Several companies have made claims similar to “EU companies required to appoint UK Representative if there is a NO DEAL Brexit”. The headlines are wrong. I checked the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 and with the ICO. EU companies MAY need to appoint a UK representative, but if… Read More

CCTV and privacy – what you need to do

The majority of offices use CCTV as part of their security measures to protect the perimeter of buildings and/or to monitor restricted areas. There is nothing wrong in doing this providing a legal basis for processing the personal data (images) is established, you tell people what it is used for and meet any requirements laid… Read More

WADIFF Consulting help Ditto AI get ISO27001 certification

Ditto AI Limited is an Explainable AI (XAI) company that serves regulated, safety-critical sectors that require accountability and transparency in their AI solutions. The security and integrity of information is seen as critically important to their business. With a target market of regulated industries, getting the ISO27001 certification made perfect sense both technically and… Read More