Information Security - GDPR
The iFACTS approach to information security is based on process orientation and asset management principles, inspired by the ISO 27000 series.
Common work steps within information security are ownership, responsibilities, classification, requirements, policy, document handling, dependencies, GAP analysis, nonconformity handling, and risk assessment.
Several types of regulation, law, and standards impact information security, for example the NIS Directive, ISO 27000, GDPR, PCI and more. iFACTS can support all of these through its unified approach to governance, including information security.
Recently, governmental agencies and other authorities have updated their recommendations and requirements. The Swedish Civil Contingencies Agency (MSB) published a report with 20 recommendations for corporations and entities that act in modern IT landscapes. The report further shows that changes made without an overview and without an information security mindset can cause damage. The opposite, failing to perform changes, has also led to damage, for example where intruders have used known vulnerabilities in non-updated environments.
MSB recommends work processes where changes are made systematically, thoroughly, and in a process-driven way. Read more from MSB at the link below:
GDPR is handled within information security. Each processing is registered as an asset, and all the necessary functionality is available in the software, for example records of processing, DPIA, data breach reporting, consent, data request, and erasure.
iFACTS also supports the certification process of the ISMS in ISO 27001, starting with scoping, risk assessment, and selection of controls including the statement of applicability, through to the full rollout and implementation.
Base functionality in the iFACTS software: access control, inventory, classification, trigger logic, requirement and control libraries, dependencies, document management, notification, risk management, incident management, control program, reports, and dashboards.