Information Security and Data Privacy
ISO 27001 is the international standard for information security management systems (ISMS), and it helps you keep your information assets secure.
It is an internationally recognised management system standard for governing information security risk. The standard provides a best-practice framework, describing the key requirements necessary to implement an effective and compliant ISMS.
We can help your organisation manage the security of your assets, such as financial information, intellectual property, employee details or information entrusted to you by third parties.
You simply can’t be too careful when it comes to protecting personal records and commercially sensitive information.
ISO 27001 facilitates the implementation of a robust and systematic approach to managing information, protecting your organisation’s reputation. The Antaris team has extensive experience and expertise with ISO 27001, and we are certified to the standard ourselves.
ISO 27001 helps make businesses more resilient and responsive to threats to information security. It helps keep your business secure so you can focus on doing “business as usual”, while showing clients and suppliers your commitment to protecting their information.
ISO 27001 follows a risk-based approach, ensuring that security controls implemented are appropriate and proportionate both to the assets to be protected, and your organisation’s appetite for risk.
Our ISMS consultancy services include:
Gap analysis and scoping
Statement of Applicability
ISMS framework development
Policy and documentation support
This standard focuses on the context of your organisation, risk-based thinking, enhanced leadership responsibilities, and the Annex SL high-level structure, which is aligned with other ISO management system standards.
ISO 27001 certification covers 14 information security domains and 114 security controls, so that all information assets, spanning people, processes and technology, including suppliers and vendors, are kept secure.
As a risk-based information security management framework, ISO 27001 is generally regarded as the means by which organisations can meet the required level of data protection stipulated as ‘appropriate controls’ under regulations such as the UK and Irish DPA (Data Protection Act) and the EU GDPR (General Data Protection Regulation).
ISO 27001 also requires that legal and regulatory obligations are understood and incorporated into the management system.
The EU General Data Protection Regulation (GDPR) and Data Protection Act 2018 were enacted in May 2018 and apply specifically in the following areas:
Enhanced risk management processes to consider privacy as a primary concern
Inventory and accountability
Communications with customers and staff
Personal privacy rights and supporting procedures
Changes to access requests
Consent and legal basis
Processing children’s data
Privacy Impact Assessments (PIAs) and “Privacy by design”
Data protection officers (DPOs)
International data transfers