WADIFF Consulting help Ditto AI get ISO27001 certification

Ditto AI Limited is an Explainable AI (XAI) company that serves regulated, safety-critical sectors that require accountability and transparency in their AI solutions. The security and integrity of information is seen as critically important to their business. With a target market of regulated industries, getting the ISO27001 certification made perfect sense both technically and… Read More

Policy pile up creates user uncertainty

This blog was written after recently working with different companies on their Information Security Management Systems (ISMSs).  The ISO27000 standard – the Overview and vocabulary part of the ISO27nnn series – defines an ISMS as consisting of “policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its… Read More

The Classification Conundrum #ISO27001

An important step to effectively manage information security risks is identifying how many information classifications you have. The ISO27001 standard supports this through clause 8.2.1: “Information should be classified in terms of legal requirements, value, criticality and sensitivity to unauthorised disclosure or modification”. There is no standard answer to how many are needed. It is one… Read More

WADIFF Consulting help St Giles Trust get ISO27001 certification

St Giles Trust is a charity that helps ex-offenders and disadvantaged people to move their lives forward. Security requirements to obtain funding, and the expectations of partners, meant that ISO27001 certification to cover their six offices was becoming a ‘must have’ for the Trust. Where WADIFF Consulting make a difference: Practical knowledge of implementing and… Read More

Don’t panic – stopping apps from accessing your emails

If you give an App access to your emails (and other data), it should come as no surprise that they use the access. And sometimes that could mean humans reading email contents, and possibly not for the expected reason. Here are ways to check who has access to your data in Google and Microsoft.com and… Read More

You have decided you need ISO27001 certification – what happens now?

ISO27001 is the international standard for Information Security, and there are several reasons for deciding that certification is a business requirement. For some companies, it becomes a requirement to get shortlisted for new work. For others, it can be a way for management to ensure good security practices are in place as they grow or… Read More

How interested do parties need to be?

Early on in the ISO27001:2013 standard, page 1 section 4.2 to be precise, is ‘Understanding the needs and expectations of interested parties’. An organisation needs to determine the parties relevant to their information security management system (ISMS) and what requirements they could have for information security. The standard helpfully notes that requirements may include legal and regulatory… Read More

Things to consider when selecting a new office

Thinking of moving to a new location? Here are some security items you should consider when selecting your perfect office. Location: Consider neighbourhood public health and safety issues. Is there an unacceptably high incidence of crimes against people or property? Will employees feel safe walking alone at night? Do the police or other emergency services have… Read More

Will marketing make companies miss the May 2018 GDPR deadline?

We all do marketing to make us stand out from the competition and show the compelling reasons to have the product or service we provide. But sometimes a marketing message doesn’t give the complete picture. For the General Data Protection Regulation (GDPR), this could lead companies to believe they comply but actually have several outstanding issues to address.… Read More

Windows 10 Anniversary Update – Security Features

The Windows 10 Anniversary Update will be launched on 2nd August 2016.  Alongside changes to the Start menu, Windows Ink and extensions to the Edge browser are changes to Cortana (the intelligent personal assistant) and three security features. The first is Windows Defender Advanced Threat Protection (WDATP). It is aimed at enterprise customers to detect, investigate, and… Read More