Small & Medium sized companies
Risk & Compliance
Adopting compliance standards will help mitigate 80% of attacks. Compliance is fast becoming a prerequisite for doing business and winning contracts.
Cyber Essentials & Cyber Essentials Plus
Backed by industry including the FSB, CBI and insurance organisations with incentives and grants for SMEs. Obtaining accreditation is becoming a pre-requisite for SMEs when it comes to doing business with Public and Government sectors as well as private organisations in the supply chain. Failure to comply can result in lost business and brand damage.
IASME, Information Assurance for SMEs
IASME is one of the Cyber Essentials accreditation bodies appointed by the UK Government. Together with Certification Body companies, they can certify you to the Cyber Essentials scheme required for many government tenders.
ISO 27001 is an international standard that defines how to manage information security in a company. Introduced in 2005, it is aimed at all types and sizes of organisations and provides a methodology for the implementation of information security management. Certification demonstrates to customers and suppliers that you are safe to do business with.
The Payment Card Industry standard is for organisations that handle payment cards, from retailers through to those who process the payments.
PCI DSS requires companies to build and maintain secure networks, protect cardholder data, have a security policy, and regularly monitor and test networks.
Failure to meet the requirements can result in very substantial costs to a business.
EU Data Protection Regulations
In 2012, as part of a reform, the EU Commission proposed a new EU legal framework on the protection of personal data.
The aim of the reform is to strengthen individual rights and tackle the challenges of globalisation and new technologies.
ANY organisation operating within the EU, no matter where it is headquartered, is subject to this legislation. Fines for breaches can be extremely punitive as the EU tackles powerful global mega-companies such as Google.
The new regulations are expected to include a requirement to report breaches within 72 hours.