Understand and manage information security risks by identifying all the information you have, held electronically and on paper, and the processes and physical access controls that are in place to protect it.

Prepare for the General Data Protection Regulation (GDPR), which replaces the Data Protection Act in May 2018. The GDPR will have an impact on staff records, client and prospect lists, websites and how you do marketing. It provides an opportunity to review legacy processes, systems and personal data and discard anything that isn’t needed. If you do nothing, you run the risk of fines.

Prepare for certification to ISO27001, the international standard for information security. This includes writing common-sense, easy-to-understand policies and procedures on all aspects of security. Having this certification will satisfy clients and potential clients that you take security seriously, and make it much easier to answer questions from procurement teams about security measures.

Train staff in how to be secure and how to protect business data and their own data.

Run desktop tests to check that Business Continuity and Incident Management plans will work. You don’t want to find that a plan isn’t going to work at the point you need to use it.

Get in touch for more details on the services we provide.
e: ian.grey@wadiff-consulting.co.uk
t: +44 (0)7941 188462