How to comply with information security requirements

Published by a LexisNexis Risk & Compliance expert
Practice notes


You must have appropriate security in place to prevent personal data being accidentally or deliberately compromised.

Information security is wider than cybersecurity (the protection of your networks and information systems from attack), as information security also covers things like physical and organisational security measures.

This Practice Note reflects the security requirements of the UK General Data Protection Regulation (UK GDPR), in particular the integrity and confidentiality principle in Article 5(1)(f) and the security of processing obligations in Article 32, together with ICO expectations as set out in the ICO’s Guide to the UK GDPR, Security.

The CIA triad

The ICO guidance specifically refers to the ‘CIA triad’: confidentiality, integrity and availability.

If any of the three elements is compromised, there can be serious consequences—for you as a data controller and for the individuals whose data you process.

You are also required, under Article 32(1)(b) and (c) of the UK GDPR, to ensure the resilience of your processing systems and services. Resilience refers to:

  1. whether your systems can continue operating under adverse conditions, eg a physical or technical incident, and

  2. your ability to restore them to an effective state

See the range of tools available in subtopic: Business continuity plan.

The

Jurisdiction(s):
United Kingdom