Risk Crew, the elite group of information security governance, risk & compliance experts, and the forerunners in the design & delivery of innovative & effective solutions, is proud to announce an addition to the GRC portfolio of services: SOC 2! What is SOC 2? SOC 2 is a type of audit that ensures the organisation […]
Let us begin by describing how to approach Cyber Supply Chain Risk Management (C-SCRM) and the risks your vendors pose to you. Then we will discuss if you should require them to show evidence that penetration testing was conducted and what remediations were taken. C-SCRM in a nutshell For simplicity let us split suppliers into […]
What is a SOC? The difference between SOC 1, 2 and 3 is quite important assuming that you know what SOC is. Most people will have heard of a SOC audit report, but for those who do not understand what SOC stands for, let us start from the beginning. SOC is the acronym for System […]
Last update: 25 January 2022 Web applications are an essential component of any modern business. They can help convey the company vision, advertise services and deliver content to customers. Regardless of their use, they are a necessity to make oneself or a business known to the world. However, as beneficial as they can be […]
Why else should you attend the webinar? You’ll not only receive expert insight into triggers and mistakes to avoid but will have the opportunity to ask your pressing questions surrounding the DPIA tool – which is the key to DPA and GDPR compliance. What else will be covered on DPIAs? The 4 objectives for […]
Here’s a funny thing – recital 84 of the EU’s GDPR legislation states “…where processing operations are likely to result in a high risk to the rights and freedoms of natural persons, the controller should be responsible for the carrying-out of a data protection impact assessment…”. Paragraph 1 of Article 35 says pretty much the […]
Are you managing personal data deletion correctly under the DPA and GDPR? Does everyone in your organisation know what to delete and when to delete? It might seem like an easy task but many still struggle with this. The deletion of 213,000 UK police records due to incorrectly flagged files for deletion is a good […]
Cyber security is a journey and not just a destination. In the ever-changing security landscape, regular testing and mitigation are required. To prevent testing efforts from feeling like a sinkhole in time and funding, KPIs can be used to track the output of testing to show progress and motivate internal teams to improve their practices. […]
Did Brexit really kill the UK GDPR? A lot of people were confused (and rightly so) as the 31st of December came and went. What I’m going to do here is unpick the information on GDPR from all the confusion around the Trade Deal announced at the very last minute by the UK Government and […]
If change is the only constant in cyber security, then what will the year ahead of us bring? How can we prepare for ever-evolving threats? Register for the webinar: Risk & Compliance Predictions for 2021 The session will cover: The challenges of greater enforcement Ransomware and the next generation of threat vectors What boards […]