Like bereavement and taxes, compliance is unavoidable. Certain industries are heavily regulated, such as those in the Finance or Utility sectors, and all organisations are statutorily regulated. Various Acts have been introduced to ensure that personal data is secure, that systems are protected from attack, and that recourse is available for those adversely affected by the failure of an organisation to introduce adequate countermeasures.
The whole area is confusing, and it is unfortunate that this confusion prevents organisations from complying. Our professional services team has extensive experience in the interpretation and execution of compliance requirements, having undertaken practical implementations across many industry sectors.
ISO 27001 Overview
This is the international Code of Practice for information security management and offers a means by which certification against the standard can be achieved. Organisations certified to ISO 27001 have demonstrated that their ISMS is at a level currently considered globally to represent best practice. Other organisations are using the ‘Code of Practice’ in their compliance programmes to satisfy their internal requirement to achieve best practice.
The route to certification comprises a number of stages, typically:
- Identification of Scope;
- Gap Analysis;
- Risk Assessment;
- Security Improvement Plan;
- Statement of Applicability;
- Training and Awareness;
- Mock Assessment.
getsix®, as a Dell Partner, has undertaken a large number of compliance and certification projects and is able
We are pleased to announce that getsix® has maintained its certificate of compliance with the ISO 27001:2013 requirements. The certificate is approved by TÜV Rheinland.
getsix® understands the importance of ‘Information Security Management’ for our clients, so we absolutely need to implement this in our Quality Management processes to further enhance our reputation for delivering a first-class service.