A Royal Wedding, GDPR and Version 18

Steve Macmillan

The recent excitement around the royal wedding certainly proved to be a nice distraction for much of the United Kingdom and fans of the royal family around the globe.

Whilst the arrival of GDPR a week later on the 26th May surprisingly did not come with the same level of fanfare, it certainly also got plenty of good media coverage globally and continues to be a talking point for many.

At Protocol Policy Systems we recently completed Version 18 (V18) of the IT Policy System. One of the main objectives for releasing V18 is to help organisations get their policy foundations in place as they strive to demonstrate compliance with GDPR.

To this end we have aligned the relevant sections of our comprehensive suite of IT Policies with the ISO29151 standard, which in combination with ISO27002 provides a code of practice for the protection of personally identifiable information.

What is the main focus of ISO29151? – Protecting Personally Identifiable Information
The ISO29151 standard specification includes guidelines based on ISO27002, and adapts these where required, to address the privacy safeguarding requirements that arise from the processing of Personally Identifiable Information (PII).

An addendum containing an extended set of PII protection-specific controls is provided to supplement those given in ISO27002. The additional PII protection controls are categorised to correspond with the privacy policy and the 11 privacy principles of the ISO29100 framework:

  1. Consent and choice.
  2. Purpose, legitimacy and specification.
  3. Collection limitation.
  4. Data minimisation.
  5. Use, retention and disclosure limitation.
  6. Accuracy and quality.
  7. Openness, transparency and notice.
  8. Individual participation and access.
  9. Accountability.
  10. Information security.
  11. Privacy compliance.

If you would like to arrange an online demonstration of the IT Policy Software, with a view to understanding the extent of the GDPR-relevant content, please contact Steve Macmillan.

New Cloud Computing content included in V18
Earlier in the year we aligned our policy content, where appropriate, to the ISO27017 Standard – Adoption of Cloud based technologies.

ISO27017 leverages many of the controls outlined in the ISO27002 standard and introduces some new recommended controls for organisations such as Cloud Service Customers and their suppliers – Cloud Service Providers. The standard provides cloud-specific implementation guidance to address cloud-specific information security threats and risk considerations.

All customers with current maintenance contracts are entitled to receive a free upgrade to version 18. In early June we will send out an advisory that provides some more details as to where the additional content and mapping work has been applied.

The same applies for customers of our new Policy Management as a Service offering. The additional content is provided under the annual subscription fee.

Welcome aboard Emma
We are pleased to welcome Emma Tickner to the PPS (UK) team as a Business Relationship Manager. Emma will be focussed on talking to our Local Government customers and prospects in the coming weeks and will be able to provide further information on our Policy Management as a Service and Version 18.

Historic Environment Scotland deploy the IT Policy System
Historic Environment Scotland (HES), the lead public body established to investigate, care for, and promote Scotland’s historic environment, has recently completed a successful deployment of the IT Policy System.

