IT Governance Blog on IT governance, risk management, compliance and information security.

• Does your organisation comply with the DPA?
• Do you want to avoid fines and censure for data breaches?
• How do you manage personal data legally and effectively?

This interactive and enjoyable one-day course gives both new and experienced staff and management – those involved with or responsible for personal data – an oversight of what the Data Protection Act means to their business also to their own rights as an individual.
(more…)

If you have any excess funds available from this financial year, now is the time to procure the vital resources needed to succeed in projects planned for later this year. In spite of budget cuts, and an uncertain economic climate, information security will continue you be one of the most important issues facing an organisation throughout 2010 and beyond.

(more…)

Although PCI DSS compliance may seem like an inconvenience you could do without, it is not an optional standard and you will have to comply to avoid financial penalties and brand damage which could result from a data breach.

Use-up any remaining funds you have from the 2009/2010 financial year on a compliance project that will benefit your customers and protect your brand, before you lose it!
(more…)

Where your information security is concerned, prevention is better than cure

If you want to tackle the problem of information security, you cannot rely on the help of technology alone. Information security breaches tend to occur as a result of human, as well as technological, failings. However, the human factor usually receives far less attention.

Information Security Awareness Bundle This carefully selected collection of products, will enable you to start to deliver general information security education, and provides resources to help you to create and implement an IT induction and information security awareness programme. "This clearly written booklet is soundly based in practice, and I challenge anyone with resonsibilities in IT or HR in an organisation not to find value in it." - David Clayden on IT Induction and Information Security Awareness Pocket Guide.

(more…)

Find out more about our range of information security training courses which will help you and your organisation make the most of 2010. Book now and use any remaining funds from the 2009/2010 financial year before your budget is slashed in the next financial year!

• ISO27001 Foundation Course – 1 Day
• ISO27001 ISMS Implementation Masterclass – 3 Days
• Certificated ISO 27001 Internal Auditor Training Course – 2 Days
• ISO27OO1 Certificated Lead Auditor Training Course – 4.5 Days
• PCI DSS Introduction, Implementation & Compliance Masterclass – 1 Day

Our fast-growing training division offers a wide range of IT governance and information security training courses, both public and in-house, as well as a comprehensive range of training courses that lead to accredited certifications.

(more…)

Purchase this Complete Data Protection Toolkit by Friday 19th February get a free copy of Data Breaches: Trends Costs and Best Practices - Worth £195!

Penalties for non-compliance are expected to be:

• Fines of up to £500,000 for serious contraventions of the DPA;
• 25 Monetary Penalty Notices (MPNs) are expected to be issued each year by the ICO;
• Prison sentences for deliberate, or negligent, customer data leaks by individuals within an organisation;
• DPA compliance costs are set to rise accordingly for UK organisations.

These penalties will be enforceable by the Information Commissioner’s Office (ICO) from 6th April 2010!

It’s now more important than ever that you meet the requirements of the DPA. There is a narrow window of opportunity for organisations to review their privacy practices and information governance in order to prepare for what will be the much more hostile regulatory environment to come.
(more…)

Meet compliance requirements for information security and PCI DSS with the help of our toolkits. There is currently added value offers available which expire at Midnight this Friday 19th February 2010!

Order before Friday and get 5 Pocket Guides FREE!

Purchase this toolkit before Friday and get PCI DSS: A Pocket Guide Free!

(more…)

This PCI DSS v1.2 compliance toolkit is specifically designed to help payment card-accepting organizations quickly create all the documentation required to affirmatively answer the requirements of the PCI DSS as set out in the Self Assessment Questionnaire.

The PCI DSS v1.2 Documentation Compliance Toolkit contains a full set of documentation templates for the all mandatory PCI DSS policies, as well as implementation guidance and ISO27001 cross-mapping. These templates are developed out of those contained in our best-selling ISO27001 ISMS Documentation Toolkit and, therefore, are capable of being integrated into an ISO27001 ISMS.

(more…)

Hi,

The long awaited international standard to the implementation of an information security management system,
ISO/IEC 27003:2010, is now available.

It’s a must have -

Buy the hard copy here:
http://www.itgovernance.co.uk/products/2906;

or the download here:
http://www.itgovernance.co.uk/products/2905.

Key Features and Benefits:

• The first standard to offer comprehensive guidance on implementing an ISO/IEC 27001:2005 ISMS. Using this standard during an ISMS implementation will improve your organisation’s chances of becoming ISO/IEC 27001 certified.
• Fully aligned with the rest of the ISO/IEC 27000 family of standards, meaning the strengths of all of the ISO/IEC 27000 standards together can be leveraged. Bringing about a higher level of information security, compliance, and cost savings, etc
• Written in a generic, practical manner, making the advice and guidance within applicable no matter the size, type or location of your organisation.

(more…)

In a January blog post titled DATA PROTECTION: Act now or pay the price, I outlined the penalties which the Information Commissioner’s Office (ICO) will introduction for breaches of the data protection act (DPA) 1998.

The penalties expected are likly to be:

• Fines of up to £500,000 for serious contraventions of the DPA;
• 25 Monetary Penalty Notices (MPNs) are expected to be issued each year by the ICO;
• Prison Sentences for deliberate or negligent customer data leaks by individuals within an organisation;
• DPA compliance costs are set to rise accordingly, for UK organisations.

I went on to stress that there is now a narrow window of opportunity for organisations to review their privacy practices and information governance in order to prepare for what will be the much more hostile regulatory environment to come.

How are you getting on?
(more…)