Taking reasonable care
29 March 2023
In our February newsletter we talked about the need to ensure that any third parties engaged to do work for your organisation preserve the confidentiality, integrity, and availability of your information. One of the steps you can take to make improvements in this third-party risk area is the level of due diligence you should consider applying upfr…
Working with third party suppliers
15 February 2023
When it comes to information security risk management, how do you ensure that the third parties engaged to do work for your organisation preserve the confidentiality, integrity, and availability of your information? Often their “work” could include access to your organisation's data, intellectual property, financial, operational, or other sensitive…
Are your policies fit for purpose?
23 November 2022
Some discussions we had at a recent industry event highlighted how organisations still struggle to draft and deliver policies that are fit for purpose. Three people we met from three different organisations stated they had IT policies currently in circulation that are approximately 10 years old. In a separate discussion, someone in an IT Operations role…
When was the last time you tested your incident response plan?
20 October 2022
In the last few weeks a number of high profile organisations have become front page news due to data breaches. Testing your incident response plan is critical for a range of reasons including – It’s important to confirm that the defined roles and responsibilities assigned to your response team are appropriate. Testing will help team members to under…