Here, we describe some guiding principles of information security management.

These can help form the basis of an effective information security plan for your business.

Policies and Procedures

A good place to start is to consider what policies or principles your business should have in relation to its data. To do this, you probably first need to determine what data or information your company possesses and how important it is. Consider supplier and customer lists, designs, product information, marketing material, accounts and personnel details.

Data Storage

Where is your data? It might be in physical files in the office, on a laptop, on mobile devices (e.g. tablets or smartphones) or in a third-party application, perhaps in the cloud. Should you consider changing where some of your data resides? This could form the basis of a policy, so make some notes.

Access and Control

Who has access to your data and how is that access controlled? This is typically where the issues of cyber security should be considered. If any of your data is on a device that is connected to the internet, appropriate security controls should be in place, including protection from malware attacks and theft. You may find you need to move some of your data to a different place or ensure only certain staff have access to it.

Business Continuity

What would happen if you lost some critical or important company data? Could you continue to trade? How long would it take to get back up and running? You can implement a simple disaster recovery plan by ensuring your data is regularly backed up and can easily be restored.

Law and Compliance

For small businesses in the UK, the Data Protection Act (DPA) is probably the most common piece of legislation your information management system needs to comply with. If you hold any personally identifiable information in digital form, its storage is most likely subject to the requirements of the DPA or the EU's GDPR. There may also be other legal or regulatory compliance restrictions over your data, depending on the nature of your business.

Help and Advice

Genus One provides consultancy services for information assurance, ranging from basic advice to complete IA assessments. We'll gladly discuss your individual business needs, so please get in touch.