GDPR SECURITY - Confidentiality, Integrity, Availability and Resilience?
Collectively known as the ‘CIA triad’, confidentiality, integrity and availability are the three key elements of information security. If any of the three elements is compromised, then there can be serious consequences, both for you as a data controller, and for the individuals whose data you process.
The information security measures you implement should seek to guarantee all three, both for the systems themselves and for any data they process.
You are also required to have the ability to ensure the ‘resilience’ of your processing systems and services. To put this into context, resilience refers to your capacity to recover quickly from difficulties. This includes things like business continuity plans, disaster recovery, and cybercrime actions and tasks that need to be performed in a timely manner to recover as quickly as possible.
Crises Control offers a platform to create, test, execute, audit and review business continuity, incident management and cybercrime plans.
GDPR SECURITY - What organisational measures do you need to consider?
Although an information security policy is an example of an appropriate organisational measure, you may not need a ‘formal’ policy document or an associated set of policies in specific areas. It depends on your size and the amount and nature of the personal data you process, and the way you use that data. However, having a policy does enable you to demonstrate how you are taking steps to comply with the security principle.
Whether or not you have such a policy, you still need to consider security and other related matters such as:
- Co-ordination between key people in your organisation when there is an incident (e.g. the security manager will need to know about commissioning and disposing of any IT equipment);
- Secure and private communications that are required when managing an incident, including with supply chain partners, legal, PR professionals, and other third parties;
- Access to premises or equipment given to anyone outside your organisation (e.g. for computer maintenance) and the additional security considerations this will generate;
- Business continuity arrangements that identify how you will protect and recover any personal data you hold; and
- Periodic checks to ensure that your security measures remain appropriate and up to date.
Crises Control provides a private, secure, mass communication platform that can be used to communicate like “WhatsApp” when you need it. It lets the right people know what is going on.
It also provides a platform for more formally managing incidents that require a process to be followed or tasks to be completed in a timely manner. Crises Control’s real-time reporting and audit data help you learn and make improvements to your plans for faster recovery.
GDPR REPORTING A BREACH - Personal Data Breach
- The GDPR introduces a duty on all organisations to report certain types of personal data breach to the relevant supervisory authority. You must do this within 72 hours of becoming aware of the breach, where feasible.
- If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay.
- You should ensure you have robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not you need to notify the relevant supervisory authority and the affected individuals.
- You must also keep a record of any personal data breaches, regardless of whether you are required to notify.
Crises Control offers a solution to automate incident alerts, create task workflows with time KPIs and capture process audit data.
Download our free white paper
Are you worried about GDPR and data protection breaches? Our white paper "Keep your business safe from regulatory fines" offers advice on how an incident notification solution can help you to avoid fines and other sanctions from regulators following an information security or health and safety breach. Download the white paper.
We have now made it easy to integrate other monitoring systems with Crises Control. No matter what the system or its location, as long as it can send an email, SMS or FTP alert when an incident occurs, it can integrate with Crises Control to launch the associated incident in seconds.
Reach your Business Continuity Management Team (BCM) through push notifications, emails, SMS, phone calls or any combination. This will ensure rapid notifications and acknowledgement of critical incidents.
Our new Task Manager module provides a valuable addition to your existing incident management functions that comes into its own once you have launched an incident, allowing you to create, delegate and track multiple incident task lists.
The right balance between security and ease of use is essential when handling a crisis, where speed of communication may have to take precedence over the most stringent access controls.
During a crisis event, organisations need to do more than just send out an alert. Locate your Business Continuity Management team on a location map and track their progress and responses.
Crises Control provides auditable log-tracking, sent to a central server for post-crisis review and compliance reporting. Powerful audit reports continuously refine your processes to deliver the best results.