Our Information Security Action Items are lists of distinct tasks that you can do to overcome the problem of protecting information and information systems from unauthorized access in your organisation in compliance with the law. They help turn the complex information security compliance landscape into simple checklists of curated and categorised actions that you need to carry out. We can provide you with them in a single document as a bespoke or generic version.
Why are our Information Security Action Items important?
Protecting information and information systems from unauthorized access in compliance with the law is a complex problem. Information security laws don’t list a series of straightforward requirements that you can check off and then say that you’ve complied with them. They are principle-based, and complying with them properly requires a deep understanding of the thinking that informs them. This is why you need our Information Security Action Items. We have distilled the ambiguous principles of information security laws into simple checklists where you can consider each recommended action in the context of your organisation’s information security strategy and decide whether you should do it or not.
How can our Information Security Action Items help you?
Our Information Security Action Items let you overcome the problem of protecting information and information systems from unauthorized access in your organisation by helping you answer whether you have implemented sufficient information security measures, such as:
- physical access – physical means of entering your premises or accessing spaces, such as through access control
- physical monitoring – observing the spaces where your personnel work, such as through video surveillance
- hard copy records – protecting information kept in writing on paper or in some other permanent form, such as through shredding
- physical privacy – keeping private affairs free from unwanted observation or disruption, such as through private consulting areas
- data – facts, figures, or other information in an electronic form stored on equipment, such as through file encryption
- equipment & systems – necessary devices for your business purposes and how they work together, such as through device encryption
- networking & communications – ways of sending, receiving, or exchanging information between people using some form of technology, such as through email encryption
- software – the programs that run on your systems and equipment, such as through antivirus software
- operational awareness – increasing knowledge or understanding of information security issues by the powerless majority in your organisation, such as through fostering a culture of security
- training – teaching people information security skills, such as by providing in-house personnel training
- operational monitoring – observing employees in person, such as through monitoring workstations
- procedures – established or official sets of actions conducted in a certain order to achieve information security, such as through employee on-boarding and exit procedures
- administrative awareness – increasing knowledge or understanding of information security issues by the powerful minority in your organisation, such as through leadership awareness
- planning – deciding how you approach information security, such as by planning around security
- documentation – measures relating to your written plans of action for how you will handle information security issues, such as by getting an information security policy
- assurances – measures intended to give you confidence in your ability to handle information security issues, such as by getting information security insurance
What do you get when you buy our Information Security Action Items?
We deliver our Information Security Action Items as a document made up of four checklists, namely physical, digital, operational, and administrative security. Each checklist contains a table broken down into four sections. Each checklist sorts the action items by subsection and orders them by importance, from the most essential to the least. Each action item has a brief description of what it means. You can use the document as is or upload the content into your own project management system. You should indicate who is responsible for each action item and whether you have decided to do it, you’ve already done it, or you’ve decided not to do it.
We’ve curated our list of information security action items over many years and would be happy to provide you with a:
- bespoke version tailored to your organisation based on a consultation with you to understand your requirements
- or a generic version as part of our Information Security Compliance Programme
Please enquire now if you’re interested.