The Who, What & Why
Since its announcement in April 2016, the General Data Protection Regulation (GDPR) has been a topic of much discussion.
Enforcement was due to come into play in May 2018. This, coupled with the ever-changing cybersecurity threat landscape, made it crucial for companies to analyse how their data is handled, ensure it is stored securely, create the necessary policies around data handling and raise overall network security levels.
Against this background, we noted the following among our clients:
- Lack of clarity around GDPR implications and required next actions
- A desire to ensure policies and technical measures were in place for GDPR compliance
- The need to ensure network security was optimised to better protect company data and minimise risk of breach
With this in mind, in 2017 the Sweethaven team undertook a series of assessments to ensure the team here has the highest possible level of knowledge and awareness around GDPR and cybersecurity, so that we can best support and advise our customers on the required adaptations to the way both their people and their systems work. A government-accredited qualification also provides a badge of reassurance that Sweethaven has implemented the best possible measures for the security of the data that we control.
Following an intense 7-month period of training, Sweethaven are now fully accredited as an IASME Gold and CyberEssentials assessment body.
Who is IASME?
IASME is an information assurance standard that is assessed by the IASME Consortium. According to their website, "IASME assesses and certifies organisations against two standards at both the self-assessment and audited levels. The IASME Governance Standard and The Cyber Essentials Scheme."
IASME Governance Standard -
"The IASME Governance standard, based on international best practice, is risk-based and includes aspects such as physical security, staff awareness, and data backup. The IASME standard was recently recognised as the best cyber security standard for small companies by the UK Government when in consultation with trade associations and industry groups. The IASME governance self-assessment includes the Cyber Essentials assessment within it as well as an assessment against the requirements of the GDPR."
Cyber Essentials Scheme -
"IASME is one of just five companies appointed as Accreditation Bodies for assessing and certifying against the Government's Cyber Essentials Scheme. The Scheme focuses on the five most important technical security controls. These controls were identified by the government as those that, if they had been in place, would have stopped the majority of the successful cyber-attacks over the last few years."
What were the main lessons learnt?
Significant work on the following key aspects was identified as required for compliance:
- Updating policies
- Handling data
- Locking down and storage of data
- USB device control
- Business continuity, including comprehensive disaster recovery plans
- Internal training to educate employees on everything surrounding GDPR and what it meant for Sweethaven
Working through the above, within the context of government frameworks, has enabled Sweethaven to provide a tailored solution for supporting customers through their own auditing process. An in-depth understanding of modern-day requirements also allows the team to produce a tailored list of recommendations for our clients that homes in on both the policy and the technical requirements companies must meet for GDPR compliance, and that enhances both network security and data protection.
So how can our customers now benefit from Sweethaven’s journey?
Sweethaven’s own journey towards IASME Gold & CyberEssentials accreditation now means that we are fully qualified to support clients in the following areas:
- GDPR & Security audits with full reports to identify areas of weakness and required next steps (see the Sweethaven Security 360 Review)
- IASME and CyberEssentials accreditation to prove measures taken to improve data and system security, both to the authorities and your customers
- GDPR/DPO support services
- Network security assessments
- Design and implementation of data and security solutions (see School Infrastructure)
- Ongoing monthly security-as-a-service