Information Security Compliance Solutions
Governance, Risk and Compliance remain equally important and challenging for many organisations. The legislative and regulatory landscape is becoming increasingly complex, particularly in Europe, where localisation is an additional contributor as countries interpret EU legislation slightly differently. Alongside added complexity, costs continue to rise. According to the British Chamber of Commerce, “the cumulative cost to UK business of 69 major regulations introduced since 1998 has risen from £39 billion in 2005 to over £50 billion in 2006 with the Data Protection Act alone costing £965 million to implement and £667 million in recurring costs”.
Companies that adopt compliance standards to navigate the legislative and regulatory minefield derive significant benefits, most notably increases in productivity, efficiency, effectiveness and agility, and a reduction in risk. ISO27001 (BS7799:2005) is becoming established as the global standard for information security best practice, with adoption growing worldwide. The Payment Card Industry Data Security Standard (PCI DSS) is being driven by major card brands including Visa, Mastercard and American Express. Merchants of all sizes are now coming under pressure to meet detailed requirements relating specifically to cardholder data. This compliance standard is another market driver, but it is not yet fully adopted and accepted, with insurance requirements unclear and liability concerns outstanding. If we look to the US marketplace, however, we can see that these regulations are being enforced with large fines and imprisonment for senior executives.
Digital Pathways has worked with many organisations to address these compliance issues and, through practical experience, has implemented a solution which meets the client's business needs as well as the regulatory requirements.