The Ideas Distillery
How ISO 27001 can help you achieve GDPR compliance

9/8/2018

Anyone struggling with the EU GDPR (General Data Protection Regulation) should look no further than ISO 27001. It’s the international standard for information security, and its framework is close enough to the Regulation’s that many experts consider it a perfect launchpad for a GDPR compliance project.

Certifying to the Standard means you’re already halfway to GDPR compliance, plus you’ll experience the general benefits of ISO 27001 certification.

And, unlike the GDPR, ISO 27001 provides clear instructions on the steps you need to follow in order to stay secure.

What is ISO 27001?

ISO 27001 outlines three essential aspects or ‘pillars’ of effective information security: people, processes and technology.

This three-pronged approach helps organisations defend themselves from both highly organised attacks and common internal threats, such as accidental breaches and human error.

Its requirements are similar in many places to the GDPR, but whereas the Regulation only occasionally suggests specific practices (such as encryption), ISO 27001 lays out clearly what organisations need to do to remain secure.

How ISO 27001 helps

ISO 27001’s requirements overlap with those outlined in Article 32 of the GDPR:

  • Take measures to pseudonymise and encrypt personal data.
  • Ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
  • Restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
  • Implement a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures.

Article 32 also mandates that organisations address risks that could lead to the “accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data”.

An effective ISMS (information security management system) that conforms to ISO 27001 will meet all these requirements.

We identify the key requirements of ISO 27001 for you and outline a structured approach to implementation based around:

  • Defining the scope of the ISMS.
  • Defining your information security policy.
  • Creating a list of relevant risks that would compromise the confidentiality, integrity and availability of your information.
  • Defining a systematic approach to risk assessment.
  • Carrying out risk assessments to identify and evaluate information security risks.
  • Identifying and evaluating options for the treatment of these risks.
  • Selecting, for each risk, the controls to be implemented.
  • Preparing a statement of applicability (SoA).
  • Meeting your organisation’s ongoing legal, regulatory and contractual obligations through a Compliance Legal Register and Key Issues Newsletter.