General Data Protection Regulation (GDPR) & ISO 27001
Most businesses are now aware that they need to review their internal data protection processes and IT systems and that the deadline for compliance is May 28th 2018.
Roadmap have been applying best practise approaches to all of the IT solutions we provide to our customers for many years. Security and privacy have always been at the forefront of our planning, workflows and advice. If you are an existing customer of ours, then its likely you already have the right technology and framework in place and the majority of the work will focus on creating documentation, processes and IT policies.
Reviewing internal processes, data privacy and IT security opens up a further opportunity to create an ISMS (Information Security Management System) and in particular the option to work towards an ISO 27001 certification. There are a number of key benefits for our customers to do this:
1. GDPR recommends the use certification schemes such as ISO 27001 as a way of providing the necessary assurance that the organisation is effectively managing its information security risks.
2. ISO 27001 will help you put processes in place that protect not only customer information but also all your information assets, including information that is stored electronically and in hard copy format
3. ISO 27001 requires your security regime to be supported by senior management and incorporated into the organisation’s culture and strategy. It also requires the appointment of a senior individual who takes accountability for the ISMS. The GDPR mandates clear accountability for data protection throughout the organisation.
4. ISO 27001 compliance means conducting regular risk assessments to identify threats and vulnerabilities that can affect your information assets, and to take steps to protect that data. The GDPR specifically requires a risk assessment to ensure an organisation has identified risks that can impact personal data.
5. Being GDPR-compliant means an organisation needs to carry out regular testing and audits to prove that its security regime is working effectively. An ISO 27001-compliant ISMS needs to be regularly assessed according to the internal audit guidelines provided by the Standard.
6. The GDPR requires organisations to take the necessary steps to ensure the security controls work as designed. Achieving accredited certification to ISO 27001 delivers an independent, expert assessment of whether you have implemented adequate measures to protect your data.
Working towards ISO 27001 not only addresses the majority of your GDPR requirements, but also improves your internal security and privacy. In addition to this many businesses now insist that their partners or suppliers have ISO27001 certification if they wish to work with them. Achieving certification aids with a much simpler tendering process when agencies are pitching for new business.
Inline with the industry standards and our customers needs Roadmap are also working towards ISO27001 certification.
If you are a Creative Industry business, working with Mac's and need a "Roadmap" to review your GDPR responsibilities, or wish to work towards ISO27001, or simply wish to improve the security of your data then contact us to arrange a free consultation to see how we can help.