Cyber compliance

What is cyber compliance?

Compliance with standards and regulations such as ISO 27001, IASME and GDPR shows existing and prospective clients that you are protecting their data assets appropriately.
Not having security compliance controls in place can be a serious barrier to business. It is no longer reasonable to expect that a customer or supplier will simply take your word that you are secure.

Audited compliance with industry-approved standards demonstrates to your stakeholders, such as clients, partners, investors and employees, that you treat information security as a priority.

There are many information security laws you have a legal obligation to abide by, depending on your sector. These include:

  • General Data Protection Regulation
  • Data Protection Act 2018
  • e-Privacy Directive
  • The Network and Information Systems Regulations 2018
  • Freedom of Information Act
  • The Digital Economy Act

Failure to comply can result in extremely high fines. In the case of the GDPR, DPA 2018, e-Privacy Directive and NISR 2018 this can be up to 4% of the company's global turnover or £17 million, whichever is greater. In fact, you can be fined under all three simultaneously.

To demonstrate your compliance with these laws and boost stakeholder confidence, Samurai will guide you through the legal and technical requirements to achieve any or all of the following accreditations and standards.

Cyber Essentials

A Government-backed scheme to show that you have taken steps to protect yourself against the common weak areas in cyber security, now overseen by the National Cyber Security Centre (part of GCHQ). Cyber Essentials offers a stamp of approval showing that your organisation has implemented the appropriate organisational, documentation and technical measures to demonstrate a basic level of cyber security defence. This includes the use of strong passwords, management of externally advertised services, hardware management, firewall use, secure configuration of devices and accounts, access control, and other important areas that are crucial to protecting information and systems.

IASME Information Governance

IASME is one of just five companies appointed as Accreditation Bodies for assessing and certifying against the Government's Cyber Essentials Scheme. IASME Governance was developed to create a cyber security standard that is an affordable and achievable alternative to ISO 27001.

The IASME Governance assessment also includes the assessment criteria for Cyber Essentials Basic and the requirements of GDPR.
IASME Governance imposes a more advanced level of security requirements than Cyber Essentials, including aspects of physical security, staff training and awareness, two-factor authentication, the management of admin accounts, secure patching of devices, and data backups.

Once achieved, the certificate can be displayed on your website and privacy notices to evidence that you have taken stringent steps to comply with the regulations and acts. The certification goes beyond Cyber Essentials to cover all GDPR obligations, as well as preparing you for the controls required under ISO 27001 for future accreditation.

ISO 27001

This is an ISO international standard to help you manage the information assets (for example hardware, financial, employee or intellectual property information) entrusted to you by third parties such as clients or partners. It is the gold standard for creating an ISMS (Information Security Management System).

ISO 27001 sets out the specification for an ISMS, which includes a framework of policies, procedures, and organisational and technical controls used in an organisation's information risk management process(es).

Samurai can help you plan, develop, build, maintain and continually improve an ISMS that complies with the standard, while offering training to employees so that they can continue to manage it over time.

PCI-DSS

This security standard is aimed at organisations that handle branded credit cards from the major card schemes. PCI-DSS is the gold standard in certifications for giving your clients complete faith that you are doing all that is possible to ensure they do not end up victims of credit card fraud. While it is not a legal requirement, it is the standard most financial institutions have adopted, and as a result most banks will not allow you to collect online payments directly without it.