Framework Information: There are a number of frameworks for you to choose from on our platform. Depending on your needs and your organization’s size and goals, certain frameworks may be more appropriate than others. To help you decide which framework is right for you, we’ve included a description of each one below.
- Cyber Essentials: Cyber Essentials is a UK government-supported cyber security scheme designed to help you guard against the most common cyber threats and demonstrate your organization’s commitment to cyber security. It covers five technical control areas: (i) Firewalls, (ii) Secure Configuration, (iii) User Access, (iv) Anti-malware, and (v) Patch Management. You can be accredited against this scheme, and it is often a prerequisite for businesses looking to work with other organizations that take cyber security seriously.
- Information Commissioner’s Office GDPR Controller/Processor Checklist: The Information Commissioner’s Office (ICO) is the independent body charged with upholding information rights in the UK. The ICO is responsible for enforcing regulations such as the Data Protection Act 2018, and in doing so has the right to investigate information security incidents and issue fines for regulatory non-compliance. It also provides detailed guidance to help organizations comply with data protection legislation. As part of this, it created GDPR Checklists for Controllers and Processors. Both have been created with small organizations in mind, and are most useful for small to medium-sized organizations from the private, public and third sectors.
- ISO 27001: The International Organization for Standardization (ISO) develops and publishes a wide array of international standards, each defining best practice in a given field. Perhaps the most widely known of these is the 27000 series, which focuses on information security. The series is very highly regarded, and many businesses adopt ISO 27001 to help formalize their information security management system. You can be certified against ISO 27001 by accredited organizations.
- NCSC (Small Business Guide): The National Cyber Security Centre (NCSC) is a UK government organization charged with reducing the cyber security risk faced by public and private sector organizations in the UK, while promoting awareness and improving cyber resilience. As part of this mandate, the NCSC has produced a Guide for Small Businesses setting out some basic controls that small businesses can implement to improve their security.