Information security and compliance review

Your requirement

Organisations hold large volumes of personal and, in some cases, highly sensitive information about their customers and staff. This may be spread around hundreds of services and thousands of staff. It will be found in many different media and formats: in data systems, file shares, emails, paper files, desktops, laptops and USB sticks. It must be collected legitimately and shared legitimately. The duty of care towards that information is a burden that grows as information volumes grow and as hosting and transmission methods diversify.

Information Security and Information Governance have risen to the top of company agendas following increasing reports in the national press of leaks, losses and data theft. The Information Commissioner’s Office has since April 2010 been given the power to impose a £0.5m fine on companies guilty of serious breaches.

The Information Security and Compliance environment for organisations is defined by the:

  • Data Protection Act 1998
  • Privacy and Electronic Communications regulations 2003
  • Computer Misuse Act 1990
  • Payment Card Industry Data Security Standard 2008

Public sector Information Compliance requirements additionally include the:

  • Freedom of Information Act 2005
  • Records Management Code under Section 46 of the FOI Act 2009
  • ISO 27001

Central government also requires compliance with the 2009 HMG Security Policy Framework and the Public Records Acts of 1958 and 1967 while other areas of the public sector such as health, education, police and local government have their own sector-specific compliance requirements.

Our solution

Do you want to protect personal information, prevent losses and leaks, avoid ICO intervention and prevent negative press? Cimtech’s Information Security and Compliance Review is the first step.

We will:

  • define the compliance environment of your organisation in terms of legislation and government guidance
  • adopt or create a toolkit of information compliance requirements
  • carry out a risk-based gap analysis
  • identify the work to be done to fill the gaps and meet the requirements
  • draw up a roadmap for compliance, with resource requirements and timescales.

Our Information Security and Compliance Review report will show where your deficiencies and risks lie. We will suggest remedial action for each deficiency and risk. We will recommend roles and responsibilities, policies and procedures and the change management needed to embed them in everyday working. We will plan a timetable for action which is fully quantified and resourced.

If you want a full Information Security Audit, with RMADs, penetration testing and remediation plans, Cimtech can offer CLAS-certified consultants with SC-level security clearance.