
What is Information Security Compliance?


Posted by: Lauren Hockley Published: Wed, 15 Aug 2018 Last Reviewed: Wed, 15 Aug 2018

Information security is about ensuring that the information your organisation stores and processes is kept safe and that information systems operate as intended, through the implementation of effective security controls. Information security is built upon three foundations: confidentiality, availability and integrity. It applies to many forms of information: paper records, desktop files, portable devices, displayed materials and spoken information. Its purpose is to prevent confidentiality breaches, data losses and the processing of inaccurate data, and to ensure information is available when required.

Information security compliance is an umbrella term for conformity with numerous legislative and regulatory standards. The hefty task of compliance within the UK currently includes, but is not limited to: the Data Protection Act (DPA) 2018, the General Data Protection Regulation (GDPR), the Copyright, Designs and Patents Act 1988 and the Payment Card Industry Data Security Standard (PCI DSS). Compliance is both the individual responsibility of data users and the corporate responsibility of your organisation. Non-compliance can result in damage to your organisation's reputation, interruptions to service, legal action being taken against you, wasted resources and people being put at risk.


UK Compliance Standards

The Data Protection Act (DPA) 2018 is the current UK legislation governing the processing of personal data. Personal data is any data relating to an identifiable, living person, and processing is anything that is done with this data. The DPA 2018 is the UK's implementation of the General Data Protection Regulation (GDPR). It sets out the rules that data controllers (those who own data and are responsible for it) must abide by.

The Copyright, Designs and Patents Act (CDPA) 1988 is the current copyright law within the UK. The CDPA gives creators of literary, musical, artistic and dramatic works the right to control the ways in which their material is used. Rights last for between 25 and 70 years, dependent on the type of work.

Compliance Standards beyond the UK

The General Data Protection Regulation (GDPR) is a European Union law governing the processing of personal information. It was introduced to replace outdated legislation with rules better suited to the technology-driven world we live in.

The Payment Card Industry (PCI) Security Standards Council is a global organisation dedicated to maintaining, evolving and promoting PCI standards to protect card users. The Payment Card Industry Data Security Standard (PCI DSS) is intended to reduce card fraud by tightly controlling how card data is stored, transmitted and processed. The card industry meets this requirement by obliging anyone who accepts credit or debit card payments to implement PCI DSS. You should check your company's policies before processing any card payments.

The International Organisation for Standardisation (ISO) is an international organisation, independent of any government. Its members comprise 161 national standards bodies who share knowledge and develop voluntary standards for many industries, such as technology, healthcare and finance. One such standard is ISO 27001, which sets out best practice for information security management systems. Whilst ISO certification is optional, it can help to ensure information security and reassure customers.

The US Sarbanes-Oxley Act (SOX) of 2002 is a US federal law, passed in response to numerous corporate and accounting scandals. It was implemented to strengthen financial disclosure requirements and prevent accounting fraud. SOX applies to those trading on US territory. In 2001, it came to light that the telecommunications giant WorldCom had falsified its financial records. The company reported a profit of $1.4 billion instead of a net loss and subsequently went bankrupt in the summer of 2002. This high publicity scandal demanded the change that SOX brought about.

The Importance of Information Security Compliance

Good information security practices allow you to get the best out of your information and be confident that security risks are managed. Not only your customers but also your partners will have more confidence in you. Compliance also ensures you meet your legal and regulatory responsibilities. On the other hand, poor compliance may result in confidentiality breaches, data losses and loss of reputation. Disciplinary consequences can include: internal processes; investigations and enforcement by the Information Commissioner's Office (ICO); penalties from professional bodies; litigation by third parties; criminal offences and even arrest. Thorough information security training for all staff members will help you ensure your business is meeting its compliance requirements.
