Last month we revealed we had gained our Cyber Essentials accreditation. Cyber Essentials is part of the Governments cyber essential scheme to encourage businesses to focus on key aspects of technical security.
Our reason for progressing with this accreditation is to ensure we control and manage security around our data and can also minimise risk. Part of this was to evaluate our adherence and security in regards to GDPR, and GDPR requires more than Cyber Essentials on its own.
We partnered with IASME for our Cyber Essentials as it incorporates their IASME Governance Standard, which includes GDPR requirements, and so demonstrates that we have a wider governance system for management of the controls protecting personal data.
The IASME governance standard adds a number of topics to Cyber Essentials in support of GDPR, including assessing business risks, training staff, dealing with incidents and handling operational issues.
GDPR requires that personal data must be processed securely using appropriate technical and organisational measures. As a business we have to take appropriate action with relevant steps put in place, so we can manage risk effectively.
ICO have provided guidance for Cyber Security of what the GDPR security related outcomes are that a business should seek to achieve. The approach is based on four top level aims:
- manage security risk
- protect personal data against cyber attack
- detect security events, and
- minimise the impact
Cyber Essentials is recognised by the Information Commissioners Office (ICO) as good practice.
Our long-term growth strategy
So as part of commitment to our members, advisers, corporate partners and clients we have committed to adhering to Cyber Security IASME Governance requirements, which will be reviewed annually in order to minimise technical and cyber risk to our business.
Protecting the data we hold and how we maintain our daily working security standards is part of our growth strategy as we invest in technical solutions for streamlined Estate Planning services.
If you’re interested to find out more about the Cyber Accreditation process, what it could mean for your business and where to start, drop us a line: firstname.lastname@example.org