- Ensuring password protection of personal data being sent to external parties;
- The enforcement of “complex” passwords for all staff logging in to our systems;
- Clear-desk policy (not easy); and
- The proper disposal of confidential waste.
It is not often a television advert makes me sit up, take notice and shout “No!...” at the box in the corner. One did recently, and perhaps it says as much about me and my long-learned approach to data security. Over the past three years or so, our company has introduced a rigorous and robust approach to data security and information management. This has culminated in us being one of the very few pension companies to have obtained ISO 27001:2005 accreditation and recently being (we think) the first in our industry to obtain the updated ISO 27001:2013 certification. It has taken time, significant investment and the buy-in of all staff to engrain the proper processes and procedures into our day-to-day work. It is something we are very proud of. Among the many requirements are: