On 2 February 2022, the Information Commissioner’s Office (ICO) laid before Parliament changes around restricted international personal data transfers. The international data transfer agreement…
A question which comes up time and time again is ‘How do I approach asset identification within my information security risk assessment’. Typically, this question is twofold; which assets to include
There is nothing straightforward or simple about responding to a data subject access request (DSAR). Whilst responding to DSARs can be onerous and time-consuming, you cannot take any shortcuts.
The PCI SCC has recently released a new remote assessment guidelines and procedures. Here we address a number of key questions: What are the Main Contents? What Led to it Being Published? And others..
A DPIA delivers a pre-emptive approach to assessing these risks, and by applying corrective actions can help prevent a data breach occurring. We present an outline of steps in conducting a DPIA
Creating a ROPA will involve understanding and capturing processing activities throughout an organisation. In this blog, we will outline a step-by-step procedure on how you can create a ROPA.
A key role of risk management is helping organisations decide how limited resources can be most effectively used to address the most pressing business issues, e.g. threats to information security.