We’re pleased to announce that our 2019 ISO/IEC 27001:2013 Surveillance Audit was, again, a resounding success. It was another example of a zero-nonconformity audit and the result is testament to excellent business balanced with first class information security throughout the company. This was our ninth consecutive successful audit by the Kitemark service quality trademarked British Standards Institution (BSI), a UKAS-accredited certification body.
For more than 13 years, it’s been Regency’s business to advise and help our customers in achieving certifications/accreditations against Information Security and Assurance Standards in both public and private sectors, and as such we see it as imperative that we act in a manner that echoes our advice.
The last few months in the Regency calendar have been very busy with the move from our offices in Cheltenham, to take up our new residence on site with our parent company Airbus in Newport. The move has tested our change and project management, our business resilience and our formal arrangements with suppliers. Our physical and environmental security has been transformed, and so it has been a timely opportunity to review our information security posture more generally. With the move complete, we were ready and eager to undergo the surveillance audit which examined our entire scope. Although we anticipated a positive result we welcome the independent assurance given by the external auditor.
(the European General Data Protection Regulation), closely tied with the UK Data Protection Act 2018, was in focus in this year’s audit (ISO 27001 requires the organisation to comply with all relevant legislative requirements), but as an information security consultancy we’ve taken additional steps to validate our knowledge by qualifying our ISO 27001 Lead Auditors as certified practitioners. Their knowledge has been and will continue to be indispensable for our own data protection compliance requirements and for our continued ISO 27001 certification.
For our Customers:
We can help you to unravel ISO 27001. If you’d like to embark on a brand-new ISO 27001 certification journey – we’ve done this ourselves, and we’ve done it for clients – we can help you too. Perhaps you already hold certification but you’re about to undergo organisational change – we can help you to prepare, perhaps project manage the change, but ultimately ensure that your ISO 27001 requirements are stabilised before, throughout and after the change. Perhaps, as an organisation, you just dread annual audits as you know certification continuation is far from guaranteed – in this position you need a friendly consultant with a fresh pair of eyes and audit experience to provide expert but pragmatic steerage.
& DPA 2018
The same applies for compliance with and DPA 2018. We know that many organisations see , in its current and largely untested state, as a minefield. With the exception of fines for not paying the data protection fee, there have been no civil monetary penalties in the UK against DPA 2018 / since its introduction in May 2018. Penalties awarded since May 2018 have been in relation to legacy DPA 1998 investigations only. However, we are led to believe that we will start to see the first DPA 2018 / penalties very soon. We know that CEOs throughout Europe are scanning their supervisory authority newsletters to learn of the latest penalties, to find out how organisations in similar sectors may be infringing and to what extent they are being fined. We can help you to comply, or simply give you assurance through audit that you are complying, ultimately taking the confusion and worry out of the minefield.
If you would like to explore how Regency can help your organisation, please contact us on our office number 01242 225699 or email email@example.com