Information security supports good data governance, and is itself a legal data protection requirement. Poor information security leaves your systems and services at risk and may cause real harm and distress to people – it may even endanger lives in some extreme cases.
Our data protection audits consider and align to established frameworks for information and cyber security, namely:
- National Cyber Security Centre Compliance Cyber Assessment Framework
- ISO27001:2022
- National Cyber Security Centre Cyber Essentials
If you are a large business in the public, private and third sectors we recommend using the above frameworks to help you consider your information and cyber security maturity.
If you are a medium- to small-sized organisation, we have published an Information Security Toolkit that will help you understand what you need to do to ensure the confidentiality, integrity and availability of your information.
This is a checklist which gives you examples of good practice we’ve seen during our audits across a range of information and cyber security areas. You can use the checklist in addition to the established frameworks above. The points to consider are not an exhaustive list and you should review them in the context of your own organisation and how you process personal information.