ISO27001 (BS7799:2005) Compliance
From PCI DSS to the Data Protection Act, the data market today is full of myths, jargon and acronyms when it comes to data compliance. From payments to data sovereignty, there is a rule or best practice guide for everything, so finding a place to start is confusing. Every UK organisation must comply with the regulations or it could face large fines and suspension of service. Non-compliance is no longer an option, whoever you are!
Last year, a survey by 6DG reported that almost half (43%) of IT professionals didn’t understand the compliance legislation when it comes to managing data. From the raft of regulations coupled with a company’s own privacy policies, IT professionals could get lost in a sea of paperwork. In fact, over half (52%) of the IT industry specialists surveyed said that they would rather use a third-party to manage their data compliance than make sense of it themselves.
The cost of non-compliance can be substantial. Demonstrating how eager they are to enforce the Cabinet Office’s zero-tolerance approach to non-compliance, the Information Commissioner’s Office (ICO) issues fines reaching their maximum of £500,000; however those issued by, for example, the PCI DSS board can be in the millions of pounds range!
Data sovereignty (where the data is stored) is a key component when it comes to compliance. For some organisations it is essential that data is stored within the UK or EU. But this can become clouded when services are outsourced and the Service Provider is not forthcoming with actual details on what they do with the data, especially backups. 6DG found that businesses are blindly assuming their Service Provider is complying with the relevant regulations. A high proportion (35%) of those outsourcing admitted to not even knowing where their data is housed.
Organisations need to manage vital financial information, customer details and intellectual property correctly in order to comply with the latest regulations. Digital Pathways has the experience to help clients in these areas, either with sound advice or with solutions to protect your company's 'Crown Jewels'.
On our website we hope we can provide you with solid information about the compliance challenges and ways our technology can be used to protect your digital assets, your company’s brand and your own personal reputation.