Resources

Information Security Policy Templates

Here is a list of policy templates that you may find useful. The templates provide you with the skeleton of a policy and will need to be tailored to your organization in order to be fit for purpose (and thereafter enforced accordingly).

Source: Click here

Cyber Essentials is a UK government-endorsed cyber security scheme, designed to help you guard against the most common cyber threats and demonstrate your commitment to cyber security. You can be accredited against this scheme, and it is often a prerequisite for businesses looking to work with other organizations that take cyber security seriously.

Source: Click here

10 Steps is a UK government-endorsed cyber security scheme. It covers 10 different domains of information security and is a good start for small to medium businesses looking to implement an Information Security Management System.

Source: Click here

The National Cyber Security Centre (NCSC) is a government organisation in the UK, charged with reducing the cyber security risk faced by public and private sector organisations in the UK, while promoting awareness and improving cyber resilience.

Source: Click here

The Information Commissioner’s Office (ICO) is the independent body charged with upholding information rights in the UK. The ICO is responsible for enforcing regulations such as the Data Protection Act 2018, and has the right to investigate information security incidents and issue fines for regulatory non-compliance.

Source: Click here

ISO develops and publishes international standards. ISO has released many standards that relate to information security (the ISO 27000 series). The standards are highly regarded, and many businesses adopt them to help improve their information security management systems. You can be certified by ISO; organizations can prove their commitment to information security by becoming certified.

Source: Click here

A neatly arranged full text of the GDPR with its current, updated articles, split into sections by article.

Source: Click here

A neatly arranged full text of the Data Protection Act 2018, split article by article.

Source: Click here

GDPR-related documents, including templates for controllers, processors and Data Protection Impact Assessments. These templates and guidance will be useful for organizations looking to comply with GDPR.

Source: Click here

The Department for Digital, Culture, Media and Sport publishes an annual report on the breaches that were reported by UK businesses. The report breaks down the current threat landscape and the problems that organisations face in the current year.

Source: Click here

The Information Systems Audit and Control Association (ISACA) is a non-profit professional association focused on IT governance. The white paper “State of Cyber Security 2018 Part 1” is the first of a 3-part series in which ISACA presents findings related to “staffing, work force development, budget and organization of security teams”.

Source: Click here