GDPR and Sales Team

The article below is important for every small business, including the Sales and Marketing teams who generate leads and close deals.

Three weeks ago, the eInnoSec team received a call from a client: the company had signed a contract with a new US-based client to migrate its corporate email from on-premises to a new cloud provider. Along with the signed contract, they received a detailed five-page questionnaire on the handling of private information. Small organizations doing business mainly in the US do not talk much about GDPR, because they do not process any personal data covered by its rules. As it turned out, the end client not only had an international presence but also had a Data Privacy Officer in Europe. Here is what every small business needs to prepare for if it has clients with an international presence.

Many of you have read or heard about the EU Data Protection Act 1998. Prior to the EU Data Protection Act, various countries in Europe had some form of data protection act that protected data privacy. Similar rules are present in other countries in Asia too.

The significant changes in GDPR relate to its design, whose objective is to give rights and control to the owner of personal data over how a third party may use his or her personal information. The rules are therefore designed to ensure that the data owner decides whether a third party may process his or her personal information, can request changes, can stop the use of the information, and so on, and has the right to receive the information requested, to have consent obtained, to restrict processing, to be given visibility into how the information is processed, etc. The challenge for companies is to implement the rules and technology that allow them to comply (please refer to Exhibit A below): providing information in a timely manner, obtaining and documenting consent, and so on. Once you understand the objective, Exhibit A will make sense.

The eInnoSec advisor performed an assessment of the client's GDPR readiness in three days and submitted a report on the fifth day providing a gap analysis and suggested remedial actions. If your team is spending more than three days deciding what to do, the problem is not about addressing GDPR but probably about addressing information security as well as data privacy. Please note that the objective is to gain an understanding of what we need to do. It would be great for every small business that has international clients, or wishes to work with them, to perform a quick study of GDPR and educate its Sales and Marketing team. The sales team also needs to know about cold emailing, calling, etc.

The eInnoSec (www.einnosec.com) team will cover this in the next post.

Exhibit A – GDPR Rules

* Below is a summary of the rules; we request that you also read about processors vs. controllers.

[Exhibit A table (summary of GDPR rules) was an image and is not reproduced here]

Copyrights @2019 eInnoSec Consulting. All Rights Reserved.
www.einnosec.com

BCP/DR – Do you know these frameworks?

Business Continuity Planning is the way an organization prepares for and aids Disaster Recovery (DR). It is an arrangement, agreed upon in advance by management and key personnel, of the steps that will be taken to help the organization recover should any type of disaster occur. Personally, though, I do not like Business Continuity Planning (BCP) to be associated with DR. For me, BCP is more about the continuity of the business and not just IT.

Disaster Recovery (DR) is the process an organization uses to recover access to the software, data, and/or hardware needed to resume normal, critical business functions after either a natural disaster or a disaster caused by humans.

Business Continuity/Disaster Recovery plans come in various forms, each reflecting the corporation's particular set of circumstances. It is about using the right people, processes, and technology.

Standards/Frameworks:

There are many best practices and business continuity standards detailing the steps for a sound business continuity plan, and one needs to balance all of these standards and requirements to get it right.

The list below does not include the popular ISO, NIST, and other standards. The few below are ones you may or may not know. They are very interesting to read.

Please check the frameworks below to see if your BCP/DR team has considered them.

  1. NFPA 1600
  2. AS/NZS 5050:2010 Business continuity – Managing disruption-related risks
  3. DRI Library
  4. BS 25999
  5. ISO/IEC (various standards)

The list is long, but a few are included above to start the conversation.

For more information, contact:

eInnoSec Initiated Project for Like-Minded Security Professionals (www.einnosec.com)

Please check the earlier postings from the e-InnoSec team (www.einnosec.com):

        1. https://www.linkedin.com/feed/update/urn:li:activity:6533692345538408448/
        2. https://www.linkedin.com/feed/update/urn:li:activity:6531139710239199232/
        3. https://www.linkedin.com/feed/update/urn:li:activity:6525881711706853376/


eInnotech – Season's Greetings!

Dear Client:

We at the eInnosec Consulting Firm are privileged to help you achieve your life goals. You have entrusted us with a great honor, and we are grateful.

From the entire eInnosec family, we send best wishes this holiday season to you and your family, however near or far away they may be.

Best wishes,

eInnotech Team

Information Systems Audit

An information technology audit, or information systems audit, is an examination of the management controls within an information technology infrastructure and its IT processes.

Potentially catastrophic events such as losing data, losing systems for an extended period of time, malware, hackers, etc. pose a serious threat to organizations that are investing billions of dollars in their computer systems, databases, and so on. This dependence on complex computing and large-scale data schemes has led organizations around the globe to recognize how IT auditors can help them understand the constantly shifting risks of the information age. IT auditors follow the same ethical and independence standards as financial auditors, but their focus is on the governance of IT systems and processes.
