Your existing and prospective clients, partners and suppliers may require you to demonstrate that you are protecting their data assets appropriately. Not having security compliance controls in place can be a serious barrier to business. It’s no longer reasonable to expect that a customer or supplier will simply take your word that you are secure.
Audited compliance with industry-approved standards demonstrates to all your stakeholders, e.g. clients, partners, investors and employees, that you treat information security as a priority.
There are many information security laws you have a legal obligation to abide by, depending on your sector. These include:
- General Data Protection Regulation
- Data Protection Act (2018)
- The Network and Information Systems Regulations 2018
- Freedom of Information Act
- The Digital Economy Act
Failure to comply can result in extremely high fines. In the case of the DPA 2018, E-Privacy Directive and NISR 2018 this can be up to 4% of the company's global turnover or £17 million, whichever is greater. In fact, you can be fined under all three simultaneously.
To demonstrate your compliance with these laws and boost stakeholder confidence, Samurai will guide you through the legal and technical requirements to achieve any or all of the following accreditations and standards.
Cyber Essentials
A Government-backed scheme to show that you have taken steps to protect yourselves against the common. It is now overseen by the National Cyber Security Centre (part of GCHQ). This is the entry-level standard for information security; more details can be found here
IASME information governance
IASME is one of just five companies appointed as Accreditation Bodies for assessing and certifying against the Government's Cyber Essentials Scheme. IASME Information Governance gets you a certificate not only for IASME information governance but also additional certifications for:
- Cyber Essentials (see above) and
- GDPR compliance – The IASME GDPR certification proves that you have followed all the key components needed to be compliant with GDPR and the DPA 2018. The certificate can then be displayed on your website and privacy notices to evidence that you have taken stringent steps to comply with the regulations and acts. The certification goes beyond Cyber Essentials to cover all GDPR obligations and also moves you towards ISO 27001.
ISO 27001
This is an ISO international standard to help you manage the security of assets, e.g. financial, employee or intellectual property information, entrusted to you by third parties such as clients or partners. It is the gold standard for creating an ISMS (Information Security Management System). More details can be found here
PCI-DSS (Payment Card Industry – Data Security Standard)
This security standard is aimed at organisations that handle branded credit cards from the major card schemes. PCI-DSS is the gold standard in certifications for giving your clients complete faith that you are doing all that is possible to ensure they do not end up a victim of credit card fraud. While it is not a legal standard, it is the standard adopted by most financial institutions, and thus most banks will not allow you to collect online payments directly without it.