Marco Miniotto, Senior IT Security Consultant CISSP-ISSMP
Is your company's compliance with EU-GDPR or Swiss LPD sufficient or do you risk severe penalties?
The recent changes in European (EU-GDPR) and Swiss (new LPD) regulations regarding the protection of personal data and the heavy penalties threatened in the event of "non-compliance" force companies and institutions to assess their compliance with the law.
As the CIO, CISO or security officer of your organisation, do you know your level of compliance with the recent Swiss and European regulatory changes regarding the protection of personal data? Many companies still need to close the "gap" between the security controls already operational within their Enterprise Architecture (EA) and those required by these regulatory changes.
One way to put the necessary security controls in place is to implement the standard ISO/IEC 27001:2013 "Information security management systems", and in particular the controls listed in its "Annex A". Adopting 53% of these measures allows your organisation to meet the new regulations on the protection and processing of personal data and to show that your company is adequately prepared in the event of checks by the authorities responsible for the protection of privacy.
Analysing the adequacy of the security controls in your EA is therefore an essential step in protecting your company, its management body and ultimately its shareholders.
The WIRD Security Team assists its customers in identifying this "gap" using an appropriate selection of the security controls suggested by the ISO/IEC 27001:2013 standard. At the moment WIRD is supporting a Swiss multinational active in the logistics sector in this process. The measures needed to close the gap are evaluated and applied within the broader framework of the ISO/IEC 27000 series "Information Security Management Systems (ISMS) Family of Standards". As a result of this process, the organisation can be sure that a) the measures taken comply with the EU-GDPR or Swiss LPD regulations and b) the measures strengthen the overall Enterprise Architecture (EA) of the organisation.
Get non-binding advice on the right approach for your organisation now. Contact the WIRD Security Team at firstname.lastname@example.org . Don't wait until an incident occurs with high reputational and economic damage!