
ORGANISATIONAL CONTEXT

In order to achieve the intended outcomes of our data protection and information security management system (PIMS & ISMS) and meet our PIMS & ISMS objectives, we have identified the internal and external issues that may impact the business. Our approach is to be reactive but aware, changing our approach to the data protection and information management system when a particular issue changes or a new issue appears. We have highlighted below the issues we believe currently affect our ability to achieve our strategic aims and objectives with regard to meeting data protection and information management requirements.

Internal Issues

values – the values of K7 are ingrained in our staff and ensure we satisfy data protection and information management requirements. Data and information shall be processed lawfully, fairly and transparently. Not doing so could result in legal action and reputational loss.

culture – creating a culture in which all staff are aware of the value of personal data and information, and in which the whole business is accountable for its protection and safeguarding. Without a data culture, risk becomes unmanageable.

risk – understanding risk and what is acceptable for the effective management of our PIMS & ISMS, ensuring a measured approach to data and information. Certain risks cannot be accepted under law, so impact assessments need to be conducted and documented to support decisions made around risk.

knowledge – having knowledge of the legislation surrounding data protection and information management, particularly the GDPR and DPA 2018, and understanding how our operations and systems enable us to safeguard data and secure information. Other knowledge gained through network meetings and training courses is essential. Additional and specific knowledge around GDPR and IT is available to the business as an external resource.

responsibility and accountability – taking responsibility for the data and information we protect, ensuring lawful processing, storage and security. A DPO is appointed to liaise with the ICO and support the business in delivering its PIMS & ISMS. Accountability is a key principle (7) under GDPR, and non-compliance could result in a fine.

internal processes and procedures – having effective processes and procedures for reporting data breaches, handling access requests, conducting information and data risk assessments, and carrying out audits and reviews.

performance – our internal performance is monitored. Results are important in determining whether we are meeting legal and customer objectives. Breach reporting, subject access requests and training are all measurable, set in law and important in meeting our strategic objectives. A strategic scorecard ensures we monitor this performance on a regular basis.

External Issues

legal – changes in data protection legislation are likely to have an impact on the way we manage data and on the support required to meet legal requirements effectively, avoiding fines and reputational loss.

market place – a very competitive market, with an opportunity to differentiate ourselves from the competition through a responsible approach to personal data and information.

social and economic – the social and economic climate sees a change in the way people think about, and their attitudes towards, privacy, information and online safety. Social media, global cyber attacks and cyber criminality are all impacting the rights and freedoms of individuals. The value of information continues to rise and to support terrorism and criminality. Protecting individuals and businesses from these threats is essential for all.

competition – a very competitive market place in which we are vying for the same contracts means that every little edge can count. Accreditation around data and information improves our chances against some of our competitors. ISO 27001, BS10012 and Cyber Essentials Plus are areas which we shall explore.

technology – the introduction of new technologies brings opportunities but also brings risks with it. Impact assessments and risk assessments can be used to identify these risks and mitigate them. Under GDPR, a high risk is an unacceptable risk by law.

political – Brexit, national agreements and Privacy Shield can all affect how we control and process data and information in the future. Regular checks of the ICO website will identify any changes or updates.

Scope of our ISMS & PIMS

Static Security Guarding, Mobile Services, CCTV, Fire & Security Installation & Maintenance


It applies to our head office and regional business units, our company vehicles and site activity, and anywhere else we control or process information and personal data. We have considered the internal and external issues mentioned in our organisational context as well as our interested parties. We operate only within the confines of the EU and hold all of our data within the EU.

Compliance with Regulatory Requirements

K7 Compliance understands its legal obligations and has a broad level of knowledge and information within the business to ensure that we operate within the confines of any regulatory requirement or any needs of interested parties.

To enable us to continue to meet legislative and interested party needs, we have developed a legal register that undergoes regular review. We also utilise the services of our Compliance Partner.
