Guidance

What is an ISO 27001 Statement of Applicability (SoA)?

What is a Statement of Applicability (SoA) for ISO 27001 and ISO 27002? ISO 27001, the International Standard Organisation's (ISO) standard for an Information Security Management System (ISMS), references a document that it calls the Statement of Applicability, or SoA. The name is somewhat confusing. Simply put, the Statement of Applicability is a list of …

GDPR Website Privacy Policy or Privacy Notice

This is a conversation that we've been having more often than expected over the last 5 years, so it's time for a blog post. Should your website have a Privacy Notice? Should your website have a Privacy Policy? What on earth is the difference? Let's find out. Why do we need a Website Privacy Page / Notice …

The Three Lines of Defence Risk Management Model

What is the Three Lines of Defence model? The Three Lines of Defence model helps business leaders to manage risk effectively. It facilitates a cohesive and coordinated approach by establishing three independent levels of risk management, segregating key duties and reducing the potential for conflicts of interest. …

What Skills Do DPOs Need? GDPR Data Protection Officers

DPOs require quite a multi-disciplinary skill set. GDPR says they must be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices. They must be able to fulfil the designated tasks. A DPO will require technical skill sets relating …

4 Tasks DPOs Must Perform Under GDPR

EU data protection law mandates that the DPO must fulfil certain obligations and tasks. These include:
- Informing and advising the company and staff about their legal obligations.
- Monitoring the company's compliance with data protection law and policies, including monitoring how responsibilities are assigned, levels of awareness and training …

Does my company need a DPO?

GDPR mandates that specific types of organisations assign a formal Data Protection Officer. At a high level, this is an obligation for:
- Public organisations
- Private organisations whose core activities process personal data on a large scale.
The definition of "large scale" creates a challenge, even though some guidance has …
