June 01, 2023
Local Digital is a community of organisations working together on a shared vision: to deliver more user-centred, cost-effective local public services through open, collaborative and reusable work. Research previously conducted by Local Digital identified that local authorities in England don’t have a clear baseline “standard for cyber security”.
April 13, 2023
The maintenance and upkeep of IT policies is typically driven by changes in business requirements, the adoption of new technology, changes in best practice standards, or increasingly a cybersecurity incident. In some of these examples policy maintenance and upkeep work may not be too significant however, when it comes to changes in a standard the work to review and edit policy wording to ensure it is aligned with the updated guidance can be significant.
March 15, 2023
IT Policies play a key role in building and developing cyber resilience. In trying to address IT policy requirements using in house resources, many organisations find the exercise to be laborious and costly to deliver, and a struggle to complete the exercise. Once policies have been approved and are in circulation, they need to be kept up to date and maintained by their respective “owners”. The frequency of policy maintenance will vary but it’s typically driven by changes in business requirements, best practice guidance or legislation.
February 02, 2023
With the release of the PCI DSS v4.0 standard Protocol Policy Systems initiated an upgrade exercise for Policy Management as a Service to reflect the changes. PCI DSS v3.2.1 will be retired as at 31 March 2024 at which point PCI DSS v4.0 will be the only active version of the standard. PCI DSS v3.2.1 is valid until 31 March 2024 to allow organisations time to understand the changes in version 4.0, update their templates and forms, and apply the necessary changes to meet the new requirements. By 31 March 2025 organisations must also implement those new requirements identified as best practices in v4.0.
December 14, 2022
As 2022 comes to a close our December newsletter is a brief recap of the last 12 months. Having migrated the vast majority of our customers to the Essentials and Premium versions of Policy Management as a Service (PMaaS) we received a lot of positive feedback, especially on the new functionality to help drive and increase user engagement with the policy content.
November 10, 2022
The release of a new version of the 27002 standard by ISO has introduced a number of changes from its predecessor, the 2013 version, as covered in our August and September newsletters. On 16th November, Protocol Policy Systems will make a new mapping option for the ISO27002:2022 version available to existing and new customers of Policy Management as a Service (PMaaS).
October 05, 2022
Having clear, consistent and risk-appropriate policies in place to manage data security can help you comply with your legal obligations and create positive, organisation-wide change. Most people tasked with data protection responsibilities will already be familiar with the Accountability Framework as a guide to safeguarding customer data. The Information Commissioner’s Office, which drafted the framework, states that ‘accountability is one of the key principles in data protection law...
September 07, 2022
Our August newsletter outlined the changes delivered in the new 2022 version of ISO 27002. In terms of the recommended controls the overall count in the 2022 revision has 21 less controls than before and 24 of the original controls have been merged. However, 11 new controls have also been introduced, let’s take a brief look at those new controls.
PROTOCOL POLICY SYSTEMS
Fill in the form or call us on (UK) +44 845 241 0099 or (NZ) +64 9 570 2233