Tuesday, 23 April 2019

It is very difficult to prove GDPR compliance but ISO 27001:2013 can set you apart from the rest

There is currently no certification body for the GDPR. Although you may be able to demonstrate that you have implemented the policies and procedures required by the GDPR and the DPA 2018, the implementation of an effective Information Security Management System (ISMS) provides reassurance to customers, clients and suppliers alike.

ISO 27001 is a framework of policies and procedures that includes all of the legal, physical and technical controls used in a company's information risk management processes. It is one of a family of ISO standards providing world-class specifications for products, services and systems to ensure quality, safety and efficiency.

ISO is the International Organisation for Standardisation and UKAS is the sole national accreditation body for the United Kingdom.

The way we use data has changed significantly over the last 20 years, specifically in relation to the way data is acquired and dealt with.

Whilst cyber-attacks resulting in data breaches dominate the headlines, the truth is that the majority of data breaches occur due to human error:
  • A dropped memory stick
  • Sending something to the wrong e-mail address
  • Adding data to the wrong Dropbox folder
  • Not taking care of paper files whilst out of the office

In addition to this, over the last few years cyber-attacks have increased in complexity and frequency, exposing millions of people and businesses to security breaches, theft and fraud.

In the digital age in which we live, the associated reputational damage arising from a data breach can be fatal to any business.

Do you look after or process client data? Are you an IT or telecoms company or part of the healthcare or financial industries?

What makes you stand out from your competitors and makes your clients choose you?

Contact C3C today on 0330 004 0020 or info@c3c.co.uk to find out how we can help you enhance your reputation and stand out from the crowd by achieving UKAS accredited ISO certification.

Thursday, 14 March 2019

What is Right to Work

Right to Work can mean different things to different people. In the USA, some states have regulations stating people have a ‘right to work’ without being forced to join a union, humanitarian organisations subscribe to the concept that people have a human right to work, or engage in productive employment, and should not be prevented from doing so. In the UK, it is all about immigration compliance and is sometimes also labelled ‘preventing illegal working.’ This article uses the UK Home Office term of ‘right to work’ but the alternative of ‘preventing illegal working’ gives a good indication of what is required.

Since January 1997, employers have been required to check the immigration status of new employees in order to prevent illegal working. Initially employers were required to be able to demonstrate a statutory defence, but following new legislation implemented in 2008, employers are now required to demonstrate that they have a statutory excuse for all employees.

The statutory excuse means employers need to check the identity and immigration status of prospective staff members before employment starts. This requires checking a prescribed document from the Home Office lists of acceptable documents. The employer needs to make basic but appropriate checks to ensure that the document belongs to the person presenting it, that it is valid proof of the right to work, and that it is genuine and has not been tampered with. [This is where Passport Proven can help] Most importantly, the employer needs to retain a copy of the document checked and be able to demonstrate that they have followed the necessary steps. An audit trail is important, so signing and dating copies also helps.

If an employer is satisfied with the documents, then it is likely the statutory excuse is in place. But what if a candidate cannot produce the required documents, or what if there are some doubts? The Home Office advise that employment should not be offered at this stage. It may be that the candidate has to apply for and provide some new documents, or that the employer needs to research their options. Either way, it would be a mistake to employ someone without the necessary paperwork being in place, because of the potential for a Civil Penalty, or worse.

Employers who get this wrong could be subject to an illegal working penalty of up to £20,000 per illegal worker, and if the Home Office can demonstrate that the employer “had reasonable cause to believe” that the employee is an illegal worker, the ultimate penalty can be a prison sentence.

Passport Proven is here to make this process easier for you. It takes you through the steps of checking a document and provides you with a report meeting the record requirements for the statutory excuse.

In summary, the right to work in the UK can be defined as the process and record needed to ensure the statutory excuse is in place. The process requires following a few simple steps in order to create the relevant record. Doing this will protect employers from the Civil Penalty.

By Oliver Kemp of Passport Proven

Visit www.c3c.co.uk or call us on 0330 004 0020 to find out more.

Thursday, 17 January 2019

C3C Team Qualify as Lead Auditors for ISO 9001 & ISO 27001

Chapter Three Consulting are delighted to announce that the team have qualified as Lead Auditors for both ISO 9001 and ISO 27001, and C3C are now able to help clients prepare for ISO 9001 and ISO 27001 certification.

ISO 9001:2015 sets out the criteria for a Quality Management System (QMS) which is a collection of business processes focused on consistently meeting customer requirements and enhancing their satisfaction.

Implementing a QMS can help a business to:
  • Achieve greater consistency in the activities involved in providing products or services
  • Reduce expensive mistakes
  • Increase efficiency by improving use of time and resources
  • Improve customer satisfaction
  • Market the business more effectively
  • Exploit new market sectors and territories
  • Manage growth more effectively by making it easier to integrate new employees
  • Constantly improve products, processes and systems

ISO 27001:2013 provides the requirements for an Information Security Management System (ISMS).

The ISMS is a systematic approach to managing sensitive company information so that it remains secure. It covers people, processes and IT systems, applying a risk management process to all three.

An ISMS typically addresses employee behaviour and processes as well as data and technology and can be implemented in a comprehensive way that becomes part of the company's culture.

The key benefits of an ISMS:
  • Helps protect all forms of information
  • Increases resilience to cyber-attacks
  • Offers organisation-wide protection from technology-based risks
  • Helps respond to evolving security threats
  • Reduces costs associated with information security
  • Protects the confidentiality, integrity and availability of data
  • Improves company culture

Contact Chapter Three Consulting by calling 0330 004 0020 or by email at info@c3c.co.uk.