You are browsing archives for
You are probably aware that the Cabinet Office have recently issued Version 8 of the Security Policy Framework (SPF). This is the document that provides the overarching framework for security compliance with Government and for any organisations wishing to connect to the Government network or do business with HMG. Previously we have published versions of […]
Almost everyone has a personal email address, to the point where you are probably more shocked to discover someone who doesnt rather than a person who has several. In recent years, as the internet has become more embedded in our daily life this has exploded and people now access their email on their phone, tablets, […]
For any organisation looking to provide services to the UK Government, consideration of the Security Policy Framework (SPF) is essential and for most Government contracts audited compliance is required. Unfortunately, compliance with the SPF (and List X Status) doesnt often carry much weight in the wider world where customers and service partners will often demand […]
As we mentioned recently, the UK Government has released an updated version of the Security Policy Framework (SPF), which details the security requirements for government agencies and departments. It also applies to any private sector bodies providing services to the Government (such as List X companies). Where there is a requirement to comply with the […]
As previously mentioned, we have updated the SPF Compliance Checklist to make it suitable for use with Version 7 of the Security Policy Framework released a few weeks ago. The new checklist is now available for free download from our security resources section and provides you with the relevant audit points to assess compliance with […]
The UK Government has released an updated version of the Security Policy Framework (version 7) which reflects changing opinions on the best way to manage security risks within Government. The primary change with this new release is that the Mandatory Requirements have reduced from 68 in the previous version to 20 in the current version. […]
Earlier this week, the Justice Committee Ninth Report made the recommendation that the Information Commissioners should have the power to issue custodial sentences (prison time) for breaches of the Data Protection Act rather than be limited to the current system whereby a fine of up to £500,000 can be levied against those responsible for a […]
There has been a lot of press coverage over the recent incident where a cabinet office minister (Oliver Letwin) was observed throwing official documents into a public waste bin. Although it is not yet confirmed, it has been reported that these documents contained a mix of information relating to counter-terrorism and correspondence from his constituency […]
A report has apparently revealed that the East Surrey Hospital has lost an unencrypted USB drive containing the details of 800 patients. According to the Crawley Observer, this data included details such as dates of birth and medical operation details (and as such would be considered Sensitive Personal Data under the Data Protection Act 1998). In addition […]
Today the Information Commissioner’s Office announced a data protection act breach at the Bay House School in Hampshire which placed data belonging to nearly 20,000 people at risk. Reading the ICO report, it appears this breach was the result of an attack on its website and the fact that members of staff re-used passwords for […]
The ICO has issued another set of fines for misuse of personal data and violations of the Data Protection Act. This instance, however, is clear cut criminal behavior rather than business misuse, or misunderstanding, of the act. Also in this instance, it appears that the incident came to light after T-Mobile conducted an internal investigation and reported […]
The ICO has flexed its muscles against Surrey Council and imposed a £120,000 fine for breaching the Data Protection Act. While this falls well short of the maximum allowed in law (£500,000) it is larger than most of the recent fines issued. The likelihood is that the size of this offence was more driven by the repeated […]
If you are interesting in taking the UK governments “Cyber Security Challenge” – registration is now open. You can find more at the challenge website: https://cybersecuritychallenge.org.uk/ If you are planning to take part, then good luck.