Business Continuity Management Systems

Due diligence is not just a regulatory requirement but a fundamental component of a robust information security strategy.
The Department for Education (DfE) is changing its IT security requirements to improve resilience against cyber threats in the education sector.
With the approaching deadline for PCI DSS 4.0.
What is a data breach? A data breach occurs when sensitive, protected, or confidential information is accessed, shared, or stolen by an unauthorised person.
Achieving PCI DSS compliance is a significant milestone for any entity that handles cardholder data. But! Maintaining that compliance is just as important, because lapsing into non-compliance can lead to substantial financial penalties, increased fees, and a higher risk of data breaches.
PCI DSS v4.0 became the only authorised standard on 31 March 2024.
Navigating the complexities of PCI DSS compliance can be challenging, especially when it comes to understanding the role of Third Party Service Providers (TPSPs).
Cyber security: when everything is going well, it’s easy for non-tech and non-risk people to underestimate the value of the services they’re paying for and the controls that have been put in place.
If you’re responsible for or involved with information security in your organisation, then when you’re planning for the year ahead, your risk and compliance activities likely have a prominent place on your to-do list.
On 31 October 2025 the 2022 edition of ISO 27001 will supersede the previous versions and you’ll need to prove your compliance to the updated Standard.
The past few years have seen a rise in flexible working, with many of us now in remote and hybrid roles.
In March 2022, the PCI DSS Security Standards Council launched the long-awaited update to the standard, with Version 4.
The International Organization for Standardization (ISO) recently released an update to the ISO/IEC 27002 originally published in 2013.
ISO 27001 is one of the best known and most widely recognised internationally agreed standards for the specification of information security management systems (ISMS).
ISO 27001, the gold standard of information security management best practice, or a royal pain in the neck? Let’s be honest; more often than not, organisations don’t implement ISO 27001 for fun, it’s because they don’t have a choice.
Malicious cyber activity targeting or affecting the maritime sector has soared in 2020 and, with the end of the year fast approaching, so too is the impending deadline for compliance with the International Maritime Organisation’s (IMO) cyber security regulations.
We were already steadily moving towards a cashless society, even before the COVID-19 pandemic hit; banks made it easier for us to use our cards while we are out and about, with contactless payments, and we are certainly spending more time and money doing our shopping online.
The 25th May 2020 will mark the two-year anniversary of the implementation of the General Data Protection Regulation, also known as the GDPR (and sometimes referred to as the bane of your DPO’s existence).
Keeping data safe is an ongoing process—once a regulation or process is in place, the body responsible for monitoring compliance will always be looking into ways to improve the measures.
Requirement 1 in the Payment Card Industry Data Security Standard (PCI DSS) is largely concerned with firewalls and how they are such a critical protection mechanism for network security.
In this video, PGI’s CEO, Brian Lord discusses the basics of the NIS Directive (NISD), the concerns and risks, and how to begin the process of becoming compliant without reinventing the wheel or implementing an unnecessary or expensive framework.
We know information security is a complex world – there are a lot of initialisms and controls and, often, knowing where to start is the hardest part.
In the 21st Century, many of our essential services—health, transport, energy, water and digital infrastructure in particular—have become heavily reliant on networks, technology and internet connected service delivery.
You may have seen in the news recently that the pregnancy and parenting club, Bounty have been fined £400,000 by the Information Commissioner’s Office (ICO) for illegally sharing 34.
You probably can’t believe we’re saying it because it feels like only yesterday that we had GDPR fatigue – constant reminders from every publication, a little fearmongering here and there, and generally an overload of information.
We’ve all been there; you’re talking to someone who throws an acronym at you that you’ve never heard before, or worse, you have heard it, but it means something totally different in the context of your conversation (or you’ve forgotten).
Once a status of compliance has been successfully achieved, the last thing an organisation wants is to drop its guard and lapse into a state of non-compliance the following year.