Information Security Auditing
Organizations register with the Information
Commissioner (formerly the Data Protection Registrar) for a variety
of reasons. These reasons vary from controlling data solely
applicable to their own staff for payroll purposes all the way
through to recording vast quantities of data about huge numbers of
people for marketing or even for onward sale to other interested
parties. Either way, the Data Protection Act 1998 gives clear and
unambiguous instruction as to the type of data that can be gathered,
and how it may be stored, processed, retrieved, viewed and
eventually disposed of. Other regulations and requirements will also
affect how companies control the data that they gather. For example,
ISO 9001 has a section on Data Control; client specifications and
tender documents require you to claim compliance with their policies;
and various standards that companies may have to deal with in
oblique ways (such as BS 7958 for control of CCTV monitoring) also
lay down additional rules and regulations.
So what does this all mean?
This all means that there are a great many people
looking over your shoulder who may later require proof of your
compliance with an assortment of legislation. This begs the next
question, "How do you know what regulations you should be complying
with?" closely followed by "How do you know how all of these
regulations impact on you and your business?"
Did you know . . .
. . . that if your company has registered with the
Information Commissioner for any reason at all, you have
automatically committed yourself to undertaking a complete
audit of your data control processes and procedures? This is hard to
do if "you don't know what you don't know". It is also a big
commitment of time and effort on the part of your staff who may not
be capable of conducting such an audit, let alone reporting it
effectively and proposing suitable corrective actions to address any
shortcomings.
What you need is a company that is trained to the
necessary requirements and capable of conducting and reporting these
audits correctly. After all, most organizations don't set out to do
things wrong; they just don't know what they don't know. Once the
problem areas are identified, rectifying the shortcomings is relatively
quick and easy to do.
Key Benefits
- Complete and comprehensive consultancy service to ensure that all
  data protection aspects have been identified.
- Provision of a Data Protection Policy.
- Compliance with all regulatory requirements, such as DPA 1998, BS 7858:2006, Criminal Records Bureau, Rehabilitation of Offenders Act 1974,
  ISO 9001 and BS 7958.
- Main and contingency plans to ensure that all essential information
  security measures have been taken.
- Documented evidence that the audit has been carried
  out, shortcomings identified and corrective actions taken. This
  demonstrates a high degree of commitment to data security.
Why EQM?
Experience
Experience is essential to the successful completion of information security
audits. The auditor requires in-depth knowledge not only of the
regulations covering your industry sector, but also of the data protection
legislation that is applicable to all companies.
Because of the size and complexity of these audits
and the importance of the subject being audited, it is essential that
the auditor is skilled and experienced. You're only planning
to do this audit once, so do it right the first time. We offer both expertise and experience, coupled with the application of state-of-the-art technology, to meet your information security project needs.
Quality
Quality is the foundation of our business. We know there is simply no room today for anything other than the best. Our work has to meet the test of quality at every level. Providing attention to detail and ensuring customer satisfaction are our top priorities. We utilize the principles of continuous improvement and customer satisfaction.
We also work with our clients to help them future-proof
their organization against changes to data protection legislation.
This means that as changes occur, as they invariably will, the
organization has a clear understanding of how to ensure that those changes
are assessed, new requirements are integrated into the existing regime, the
results are checked and documentary evidence of compliance is
maintained.
Commitment
The hiring of information security auditing services is a key buying decision that should provide the highest level of experience, service, and expertise available. EQM Ltd stands behind
its commitments and is available to discuss your needs at any time.
You're only planning to do this audit once, so do it right the first
time.