Information is a key asset of many organisations. It needs to be adequately protected. The road to information security starts with an assessment of risk to sensitive or critical information assets. There needs to be a consideration of the threats (both internal and external) to your information and of any organisational vulnerabilities. The likelihood of a threat materialising, and the impact on your business/customers if that were to happen, have to be assessed.
Bearing in mind the ‘risk appetite’ of the organisation, measures then need to be put into place to manage risks. Risks can be treated in various ways.
Some organisations prefer to put in place a formalised information security management system such as ISO 27001.
If an organisation uses a data processor, such as outsourced payroll or cloud storage, you need to satisfy yourself that they can be trusted to protect any personal data you give to them or allow them access to. We can assist you with any ‘due diligence’ of such suppliers or in responding to any security questionnaires that you are asked to complete by a potential customer.
For further information please contact us.