In our first episode in the ISO 27001 Steps to Success podcast series, we take you through how to implement ISO 27001 with Steve Mason, Senior Information Security Consultant with Blackmores. Steve shares his experience and provides tips on how to implement ISO 27001 within your organisation, covering the key aspects – IT, employees and physical security. Steve provides an overview of the structure of the standard, which sections of the standard you need to implement and why.
The Gap Analysis is the beginning of your Information Security journey. It helps you to understand which controls you already have in place (both documented and undocumented). Steve typically finds that companies tend to have an asset register, anti-virus, firewalls and back-ups; what is usually missing are the documented controls to support them.
So, for example, you may back up data, but you may not necessarily have any controls that clearly state:
- What data are you backing-up?
- When is the data backed-up?
- How is the data backed-up?
- Who is responsible for making sure that the back-ups happen and that data can be retrieved from them?
Who should be involved with the Gap Analysis? Ideally, a cross-representation of functions to understand what type of data assets are received, processed, protected and communicated within your organisation. This can include a representative from operations, HR, Office Management, IT, procurement and supplier/contractor management.
What is the scope of your Information Security Management System? Is it the entire business, or only certain locations or services?
Once the scope is understood, the next stage is the Information Security Risk Assessment, to understand the type of information assets your business has, who owns those assets and the risks associated with them. At Blackmores, we have a simple but very effective approach to Risk Assessment; Steve explains the methodology behind it and how it rates the risks in your business.
To hear about the Risk Assessment methodology and other interesting information, such as "Why can CCTV footage let you down in an assessment?", download our ISO Show podcast and join Steve and me on our ISO 27001 Steps to Success journey.
Listen to our previous 12 episodes by subscribing to us on iTunes or Soundcloud

BS 10012 is a British standard that outlines the specifications for a Personal Information Management System (PIMS). This was introduced in 2009 to help organisations manage personal information and comply with data protection laws.
The standard was updated in 2017 to reflect the GDPR's requirements, making it an ideal framework for regulatory compliance. For example, it includes specific guidance on each principle, helping organisations meet the requirements of both BS 10012 and the GDPR.
After implementing BS 10012 for a number of organisations, here are our top tips on implementing BS 10012.
- Establish a PIMS team – this is not a one-person job. You will need to have input from all areas that are involved with personal data.
- Carry out a Privacy Impact Assessment – it is important to understand where all the personally identifiable data is within the organisation, how it is collected and how it is disposed of (remember this covers all data, soft and hard copies, so get into all the drawers and cupboards).
- Data mapping – collate the information on a data matrix, so that all the information is shown in one place.
- Carry out a risk assessment – the data matrix will flag up any risks that need addressing.
- Update documentation – ensure all documents are updated, i.e. data protection policies, cookie policy and privacy policy.
- Training, training and more training – people are the weakest link, so ensure ALL staff have had BS 10012 training.
- Conduct Internal Audits – to verify compliance and check your systems are effective.
Implementing a PIMS can be challenging so if you would like assistance please contact us for further information on: enquiries@blackmoresuk.com
What is data subject consent?
This is clearly defined by the GDPR: it is the data subject's expressed wishes regarding the processing of their data.
What is a freedom of information request?
Under the GDPR, individuals will have the right to obtain:
- confirmation that their data is being processed;
- access to their personal data; and
- other supplementary information – this largely corresponds to the information that should be provided in a privacy notice.
You must provide a copy of the information free of charge. However, you can charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.
You may also charge a reasonable fee to comply with requests for further copies of the same information. This does not mean that you can charge for all subsequent access requests.
In order to provide the information you must verify the identity of the person making the request, using “reasonable means”. If the request is made electronically, you should provide the information in a commonly used electronic format.
If you would like to learn more about GDPR – contact us today!
Premier Physical Healthcare is a subsidiary of Totally PLC and a leading provider of a wide range of healthcare services, which include physiotherapy, podiatry and mobility assessments.
Blackmores congratulate Premier Physical Healthcare on retaining their ISO 27001:2013 Information Security certification at their first Continuing Assessment visit, with no non-conformities.
Internationally recognized ISO/IEC 27001 is an excellent framework which helps organizations manage and protect their information assets so that they remain secure in confidentiality, integrity and availability. It helps you to continually review and refine the way you do this, not only for today, but also for the future. That’s how ISO/IEC 27001 protects your business, your reputation and adds value.
Certification body: BSI
The 2016 BCI Horizon Scan, written in collaboration between the Business Continuity Institute and BSI, has revealed some interesting results for perceived risks and threats to business.
Once again, perception of risks to business continuity for 2016 remain focused on information security and the performance and reliance on suppliers.
Top 10 Threats Identified:
- Cyber Attack
- Data Breach
- Unplanned IT & Telecom Outages
- Act of Terrorism
- Security Incident
- Interruption to utility supply chain
- Supply chain disruption
- Adverse Weather
- Availability of talent/key skills
- Health and Safety Incident
The results are based on 568 responding companies from 74 countries.
This shows that cyber-attacks continue to dominate the threat landscape, and that organisations are increasingly concerned about their potential for damage given the growing sophistication of hostile actors.
The results also showed that a third of the organisations do not use trend analysis results at all, with access to such results being a key barrier. This is a key weakness which impacts on building resilience across the whole organisation.
*Figures and content taken from http://www.thebci.org/index.php/download-the-bci-horizon-scan-report-2016
By implementing recognised and effective management system standards such as ISO 22301 (Business Continuity) and ISO 27001 (Information Security), organisations can mitigate and reduce the impact of the majority (if not all) of the top 10 identified risks and threats, and implement response plans to control disruption should a risk be realised.
Our 7 Steps to Success
The Blackmores ISO Roadmap is a proven path to go from idea to launching your ISO Management System.
Whether you choose to work with one of our ISO Consultants, our isologists®, or work your own way through the process on our isology Hub, we’re certain you’ll achieve certification in no time!
We have a proven step by step process that our ISO Consultants implement as soon as our working relationship begins. We use our specialist skills and industry knowledge to determine what is already on track and where improvements can be made. We live and breathe ISO standards, we know the standards inside out so you don’t have to.
Our ISO Consultants can help you implement systems for any ISO Standard. See the full list for specialised standards here.
What our clients have to say
Trusted by leading organisations across all sectors, we support companies of all sizes in any location.
Listen to our Podcast
Welcome to the ISO Show podcast, dispelling myths and sharing tips for success to improve your business with ISO Standards. Join us to hear interviews with successful business leaders as they share their ISO journey with you.
Get top tips via audio master classes “ISO Steps to Success” on the most popular ISO Standards.