April 16, 2020

Step by Step Process following ISO 27001 Data Security Standard

The process can be described in words as follows:

  1. Determine the Data Assets (computers, mobiles, filing cabinets, whiteboards, servers, people etc.), i.e. everywhere that data is held, whether as hard copy, as a virtual copy, or in someone's head.
  2. Run through each Data Asset (or group of them) against the Controls and Procedures set by the standard to determine which should apply and how they are currently being applied.
  3. Link (in the programme) to all existing Documentation.
  4. Then, using the above Data Asset/Control & Procedure/Documentation combinations, run through the risk determination (likelihood, impact, cost, liability) to identify how risky the overall situation is for the organisation.
  5. Then run through an exercise to Remediate each section of the system where required.
  6. Following Remediation, reassess the risk impact on the overall system IF the remediation proposed were applied in full.
  7. If the resultant risk is NOT acceptable to the organisation, revisit the Remediation stage and upgrade the improvements before once again assessing the Risk.
  8. Once the risk is acceptable, the programme allows users to control and develop the changes that have been identified, with date monitoring, auditable files and the oversight required to demonstrate what has been done.
  9. At this point the process moves into a "take the actions and maintain the system" phase, with the understanding that the system procedure will require periodic review of the risk and appropriate action thereafter.
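The assess/remediate/reassess loop of steps 4 to 7, as an added Python example that is not part of the original post or of any particular ISO 27001 tool. The register entries, the 1 to 5 likelihood and impact scales, the acceptable-risk threshold and the rule that an applied control cuts likelihood by 3 are all constructed assumptions; a real register would carry the organisation's own scales and cost/liability figures.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Entry:
    """One row of the risk register: a Data Asset assessed against one Control."""
    asset: str
    control: str
    likelihood: int   # 1 (rare) .. 5 (almost certain) while the control is absent
    impact: int       # 1 (negligible) .. 5 (severe)
    applied: bool     # is the control currently applied to this asset?

    def score(self) -> int:
        # Constructed scoring rule: an applied control is assumed to reduce
        # likelihood by 3 (never below 1); risk = likelihood x impact.
        lik = max(1, self.likelihood - 3) if self.applied else self.likelihood
        return lik * self.impact


# Constructed sample register (asset, control, likelihood, impact, applied?).
REGISTER = [
    Entry("Laptops", "full-disk encryption", 4, 5, False),          # 20
    Entry("File server", "tested backups", 3, 5, True),              # 5
    Entry("Filing cabinet", "locked when unattended", 2, 3, False),  # 6
    Entry("Staff", "security awareness training", 3, 3, False),      # 9
]


def overall_risk(register):
    """Step 4: the organisation's risk is the worst remaining asset/control score."""
    return max(e.score() for e in register)


def projected_risk(register, plan):
    """Step 6: reassess the risk IF every (asset, control) in `plan` were applied in full."""
    return overall_risk([replace(e, applied=True) if (e.asset, e.control) in plan else e
                         for e in register])


def remediate(register, acceptable):
    """Steps 5-7: add the highest-scoring gap to the plan, reassess, repeat until
    acceptable. Returns the ordered action list to track and audit, or None when
    every control is already in the plan and risk is still too high (the
    'revisit the Remediation stage and upgrade the improvements' case)."""
    plan = []
    while projected_risk(register, plan) > acceptable:
        gaps = [e for e in register if not e.applied and (e.asset, e.control) not in plan]
        if not gaps:
            return None
        worst = max(gaps, key=Entry.score)
        plan.append((worst.asset, worst.control))
    return plan
```

Running `remediate(REGISTER, 8)` adds the laptop encryption gap first (20 → 5), reassesses, then adds staff training (9 → 3), leaving an overall risk of 6; at a threshold of 4 the plan is exhausted and the function returns None, signalling that stronger improvements are needed.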
