Plan and undertake internal reviews to ensure that you implement information and cyber security controls in line with organisational policies and procedures.
Options to consider:
- Conduct independent internal reviews of information and cyber security controls, including audits and IT health checks (ITHC).
- Develop an action plan for treating any identified issues and risks and recording risks on any relevant risk registers.
- Ensure management undertake compliance reviews, such as spot checks and staff surveys, within their areas of responsibility?
Commission external information and cyber security reviews to ensure you are implementing effective information and cyber security controls.
Options to consider:
- Plan and commission external compliance reviews of key systems, including vulnerability assessments, pen testing and audits.
- Develop an action plan for treating any identified issues and risks and record risks on any relevant risk registers.
- Obtain certification from industry standards, such as ISO27001/2 and Cyber Essentials Plus.