Managing Information Security
Good information security is essential. Charities and not-for-profit organisations have a legal duty to look after their information, and they face significant damage to their reputation if any data about their supporters or beneficiaries is lost or stolen.
Like any organisation, charities, under the 1998 Data Protection Act, must take "appropriate technical and organisational measures" against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
How do you decide what your organisation's “appropriate measures” would be, and where do you start?
Adapta can help by carrying out an information security or data protection review. This will provide you with an assessment of how well your current information systems comply with data protection legislation and best practice in information security management.
Typically, we approach an information security review in three stages:
1. We discuss your overall approach to information security, identify the range of policies and controls you have in place to protect your data, and agree with you a programme of compliance testing for stage two.
2. We interview a selection of staff and volunteers to assess the extent to which policies are understood and being adhered to, and the effectiveness of other controls. In this stage, we would also carry out testing of the IT-specific controls.
3. We document our findings and recommendations in a report which would:
- Summarise our assessment of your current arrangements for data protection
- Identify any areas of non-conformance with the Data Protection Act
- Set out the recommended actions needed to improve conformance and the resilience of the systems and processes involved
Our approach ensures that you benefit from our knowledge and experience of information security management and can be confident that the key risk areas are considered. We work exclusively with charities and not-for-profits, and we understand the business environment in which you operate and best practice across the sector.