In the last six months we have fielded a number of enquiries about how we can help organisations ensure they have the right policy content in place to demonstrate they are working towards GDPR compliance.

In following up these enquiries it is often apparent that some of the organisations involved have struggled for years to develop and deliver good IT security policies consistently. The requirement to review existing policies, or create new ones, as part of becoming GDPR compliant therefore represents a challenge some feel unable to tackle without assistance.

Our Policy Management as a Service offering is geared to developing and deploying comprehensive, appropriate organisational IT policies quickly to users, managers and technical staff. CLICK HERE to view the Service Spec Sheet.

The service addresses two primary challenges:

  • Most organisations don't have the in-house subject matter expertise to write and manage policy content that is easy to read and understand, and, interestingly, nobody is keen to volunteer for the work.
  • Once written, policies are not kept up to date and therefore don't reflect ongoing technological, compliance or regulatory changes. Our research shows policies often remain untouched for up to five years after being deployed.

Using the ISO27002 set of practices and controls as the foundation of the policies in our system gives us a good starting point with respect to the GDPR. Several sections of ISO27002 relate directly to the key data protection, retention and breach response requirements set out in the new regulation.

To help organisations address the new regulation more comprehensively, we have also incorporated additional policy content (and mappings) covering the protection of personal data and personally identifiable information, based on the ISO29151 standard. ISO29151 is designed to help organisations establish and implement the right controls to meet the requirements identified by a risk and impact assessment relating to the protection of personally identifiable information (PII).

Taking out an annual subscription to Policy Management as a Service means any organisation can demonstrate that it is following good practice, that it is working with policies aligned with standards and regulations such as ISO 27002, PCI DSS and the GDPR, and that those policies reflect the use of current technologies such as cloud computing and mobile devices. All policy content is customised and branded to meet customer requirements.

To view our demonstration video CLICK HERE.

To read about how we assisted Carlisle Council with their IT Policies CLICK HERE.

To discuss Policy Management as a Service contact Sue Lal:
Sue Lal – sue.lal@protocolpolicy.com
T. (mobile) 07769 338003
T. (office) 01604 709456