Top seven ISO 27001 recommendations for sales and marketing employees – These will help in the audit process.

Oct 4, 2020 | Cloud

1: Understand the impact of information incidents in your organisation while also gaining an in-depth understanding of your information systems and how they are tied to the people you interact with. Review the types of information collected by your organisation and consider how compromised data will impact your customers and partners.

2: Develop a plan to respond to a cyber incident and make sure this plan is consistent with the regulatory requirements in your industry, legal considerations, and any commitments made to partners or other stakeholders. This is usually similar to a privacy impact assessment.

 

3: Protect all shared files with encryption and strong passwords. This includes files on your intranet.

 

4: Protect access to your customer relationship management system and other online accounts with strong passwords, multifactor authentication and restricted access levels.

5: Promptly remove access to accounts when employees leave or vendors change.

 

6: Protect customer information in estimates/quotes, purchase orders, invoices and payments. Share only necessary information and destroy any information after use.

 

7: If doing business in foreign countries, be aware of specific regulations such as the General Data Protection Regulation (GDPR).

 

Salespeople are an important part of most businesses, but they too pose potential risks to your information security. By helping to ensure that they're made fully aware of those risks and how to navigate them, you enable your sales team to protect your business. Good practices and following a procedure for tasks are a key part of the framework for quality as well as information assurance.

 

Paul

 

www.is27.co.uk

 
