Baselines – Cyber Security Controls for Small and Medium Sized Organizations

Oct 8th, 2019

By Frank M. Schlesinger

The International Organization for Standardization (“ISO”) has released the world’s first international standard to help organizations manage privacy information and meet regulatory requirements.

The ISO 27701 certification for Privacy Information Management Systems (“PIMS”) sets out requirements regarding privacy, including GDPR, and builds on ISO/IEC 27001 by providing the necessary extra provisions. It deals with employee awareness programs, risk assessment and documentation, and applies to businesses of all sizes and types.

Businesses that wish to improve their cyber security capabilities should be aware of a document issued by the government of Canada called “Baselines cyber security controls for small and medium organizations”.

The overview of the document states:

“This document presents the Canadian Centre for Cyber Security baseline cyber security controls wherein we attempt to apply the 80/20 rule (achieve 80% of the benefit from 20% of the effort) to the cyber security practices of small and medium organizations in Canada.”

The document may be downloaded in PDF form from the website https://cyber.gc.ca/en/guidance/baseline-cyber-security-controls-small-and-medium-organizations-v11-0.

This is a 19-page document that details many steps companies may take to protect their data. It would be wise to have your IT department review it carefully.

For any questions or assistance, feel free to contact the undersigned at fschlesinger@spiegelsohmer.com