QG Business Solutions Ltd have developed an Information Security Management System to help small and medium-sized businesses secure themselves adequately and meet their customers’ requirements.
Most businesses understand that if you store your customers’ personal or financial details you are required to be registered with the ICO regarding data protection. However, if a breach occurs, registration alone does not protect you from investigation or prosecution; you need a process in place that documents your systems and your compliance.
Payment Card Industry Compliance
If you provide products or services by payment card you should have completed a self-assessment for the acquiring bank stating your compliance with a number of areas, including written policies and security awareness training. If a breach of a customer’s card occurs, not necessarily on your premises, an investigation will be launched. The investigation may involve your premises, where you will be asked for evidence to back up your self-assessment. Consequences of not having the correct systems in place include a fine or, in extreme cases, having your payment card facilities removed.
If you supply goods or services to businesses, organisations or governments you are required to evidence that your system meets their specifications (such as the MoD Cyber Risk Profile Requirements). The QG Information Security Management System defines each requirement and addresses it for assessment purposes.