A vitally important consideration when planning any project is data protection. It’s always been front and centre as far as we’re concerned but with the introduction of GDPR in 2018 it became a legal requirement for ‘Data Protection by Default & Design.’
It’s important therefore that we agree with clients, early on, what personal data we need to process as part of a project, why, how and for how long it’s needed. We need to look at what happens to that data, the way we secure it and how users will be able to exercise their rights under GDPR.
Part of this will require having an agreement in place between our client as Data Controller and us as Data Processor, which sets out clearly everyone’s obligations and responsibilities when it comes to data protection.
It’s all very well though writing it down and saying what you’re going to do but here at Co-Pop we believe in putting your money where your mouth is which why we invest in Cyber Essentials accreditation.
For the last three years we have enjoyed Cyber Essentials certification and more recently have pushed that another notch with Cyber Essentials Plus. The Plus certification is similar in scope to the standard accreditation but importantly it includes an external audit of our security systems rather than self-certification.
Cyber Essentials is a government backed scheme that’s designed to help businesses protect against cyber attacks. It’s a requirement for working with many public sector bodies such as our clients at the NHS.
It’s applicable across our whole IT infrastructure and also includes mobile, remote and wireless devices, cloud services, and web apps.
Its requirements include:
- secure configuration
- user access control
- malware protection
- patch management
Having Cyber Essentials gives our customers peace of mind that we’re as good as we say we are when it comes to cyber security and whilst it’s impossible to protect from 100% of attacks it demonstrates that we have a strong baseline and take seriously the integrity of data we’re entrusted with.