WADIFF Consulting help Clear Review get ISO27001 certification

Clear Review provides a platform to help companies drive employee performance improvement and provide measurements that companies require to make business decisions. Clear Review already had Cyber Essentials Plus; getting ISO27001 certification was the next step to ensure there is a robust security framework covering all areas of the company, from onboarding clients and their… Read More

WADIFF Consulting help any-3 get ISO27001 certification

any-3 provides bespoke surveys around engagement, diversity and self-assessments to high profile corporates and public sector organisations. Clients expect data to be kept secure and may undertake audits or run tests with any-3 to confirm everything is in place to protect the confidentiality, integrity and availability of data. Getting ISO27001 certification was the next step… Read More

Policy pile up creates user uncertainty

This blog was written after recently working with different companies on their Information Security Management Systems (ISMSs). The ISO27000 standard – the Overview and vocabulary part of the ISO27nnn series – defines an ISMS as consisting of “policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its… Read More

Password protecting your Word, Excel, PowerPoint and PDF files #MSOffice

A discussion about security measures with an SME I have been working with highlighted the need to provide some tips on how to protect files. They wanted to add passwords but were not sure of the best way to do this. So here is the way to do it in MS Office applications for Office365.… Read More

Legitimate Interests – 3 part test

Legitimate interests (LI) is one of the lawful bases for processing personal data. The ICO say it is appropriate “where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing”. The three parts to the test to identify a LI have been… Read More

Wetherspoons stop monthly newsletters – GDPR related?

This morning I received an email from Wetherspoons – I am a customer and did sign up to receive updates – saying they will no longer be sending emails as many consider this intrusive. I agree that some people can find this intrusive, but at the same time think this could be part of their General… Read More

GDPR (Data Protection) vs MTD (Tax)

What we know: The General Data Protection Regulation (GDPR) will replace the Data Protection Act. Brexit has no impact. The Information Commissioner has said “there may still be questions about how the GDPR would work on the UK leaving the EU but this should not distract from the important task of compliance with GDPR”. This… Read More

Perception vs Reality of cyber crime

Would you consider your house as secure if it had been broken into in the past year, and the police had not caught the gang that was breaking into most of the other houses on your street? Probably not. Compare this to businesses and cyber crime. A recent report indicates there is a disconnect between the reality… Read More

Why keeping information secure is much more than an IT issue

When I ask business owners what they are doing to keep their business information secure, the vast majority say it is an IT issue and I should talk to their IT team or the company used to maintain their IT systems. But what about dealing with risks from your staff, lack of adequate physical security or keeping… Read More

Is that the drip, drip, drip of your data?

It may seem obvious, but some businesses don’t appreciate that securing information means you need to know what you have and where it gets stored. Not so long ago you knew that information stored electronically would be held on servers within your building(s), at a secure data centre or on backups held by a trusted… Read More