A vitally important consideration when planning any project is data protection. It’s always been front and centre as far as we’re concerned but with the introduction of GDPR in 2018 it became a legal requirement for ‘Data Protection by Default & Design.’
It’s important therefore we agree with clients, early on, what personal data we need to process as part of a project. We need to decide why, how and for how long that data is needed. Then we need to look at what happens to the data and the way we secure it. We also need to explain to users how they can to exercise their rights under GDPR.
Part of this will require having an agreement in place between our client as Data Controller and us as Data Processor. The agreement sets out clearly everyone’s obligations and responsibilities when it comes to data protection.
Cyber Essentials
It’s all very well though writing it down and saying what you’re going to do but here at Corporation Pop we believe in putting your money where your mouth is which why we invest in Cyber Essentials accreditation.
For the last three years we have enjoyed Cyber Essentials certification and more recently have pushed that another notch with Cyber Essentials Plus. The Plus certification is similar in scope to the standard accreditation but importantly it includes an external audit of our security systems rather than self-certification.
Cyber Essentials is a government backed scheme that’s designed to help businesses protect against cyber attacks. It’s a requirement for working with many public sector bodies such as our clients at the NHS.
It’s applicable across our whole IT infrastructure and includes mobile, remote and wireless devices, cloud services, and web apps.
Its requirements include:
- firewalls
- secure configuration
- user access control
- malware protection
- patch management
Having Cyber Essentials accreditation gives our customers peace of mind. It’s evidence that we’re as good as we say we are when it comes to cyber security. Whilst it’s impossible to protect from 100% of attacks it demonstrates we have a strong baseline and take seriously the integrity of data we’re entrusted with.