Making the Connection ISO Master Class An Overview.

What is ISO?
What does ISO stand for? ISO is the International Organization for Standardization (commonly, but incorrectly, expanded as "International Standards Organisation"; "ISO" is the body's short name in every language, not an acronym). It is the worldwide recognised body for standardisation.
Why is ISO important? An international standard is recognised by other countries, and it defines measurable requirements against which organisations can be assessed and compared.
Do we need ISO certification? Simply put, no we don't. However, some sectors require certain standards, e.g. government, financial services and insurance. (Strictly, an organisation is certified against a standard by a certification body; accreditation is what a national body grants to the certification body itself, so "ISO accreditation" is a misnomer.)
What ISO standards are required? It depends on what type of business we are. The key standards are:
ISO 22301 – Business Continuity
ISO 9001 – Quality Management
ISO 27001 – Information Security
ISO is a non-governmental organisation. Formed in 1926 (as the ISA) and re-formed as ISO in 1947. 164 member countries. Over 20,000 standards covering manufacturing, technology, food safety, agriculture and healthcare. The ".iso" name for a CD image comes from ISO 9660, the CD-ROM file system standard.

ISO 22301 – Business Continuity
What is ISO 22301 Business Continuity Management? "Specifies the requirements for a management system to protect against, reduce the likelihood of, and ensure your business recovers from disruptive incidents."
What does that mean? "If there is a disruption to the business, what do we do about it?"
Do we need ISO 22301? No we don't, but it would be good to know what we would do in case of a disruption. And, if we are doing that, why shouldn't we follow good practice?
Do other organisations look for ISO 22301? Again, it depends on the organisation. Most will ask for a Business Continuity Plan (BCP); not many ask for ISO 22301 certification.
Business Continuity covers three key elements:
Resilience – ensure critical business functions and the infrastructure supporting them are designed and engineered to be unaffected by most disruptions.
Recovery – arrangements are made to recover or restore critical (and less critical) business functions that have failed.
Contingency – establish a general capacity and readiness to cope effectively when major incidents or disasters occur.

ISO 9001 – Quality Management
What is ISO 9001 – Quality Management System? "A management system to continually monitor and manage quality across all operations; it outlines ways to achieve and benchmark consistent performance and service."
What does that mean? How do we become a better business: save money, increase profit, win more business and satisfy customers?
Do we need ISO 9001? No we don't need it, but we should do it if we're serious about quality.
Do other organisations look for ISO 9001? Yes they do; it's one of the most widely recognised standards. Lots of sectors adopt ISO 9001, including manufacturing, government and pharmaceuticals.
Over 1 million organisations worldwide are certified, making it the most widely recognised standard in the world.
Covers all areas of a business, including: facilities, people, training, services and equipment.

ISO 27001 – Information Security
What is ISO 27001 – Information Security Management System? "A management system to identify risks to your important information and put in place appropriate controls to help reduce the risk."
What does that mean? How we manage, process and protect data within our business.
Do we need ISO 27001? Yes we do, because we are a data processor. (It is not a legal requirement for a data processor, but the organisations that entrust us with their data ask for it, and the certificate is the simplest evidence that our controls exist and are independently audited.)
Do other organisations look for ISO 27001? Yes they do; it's another widely recognised standard. Lots of sectors adopt ISO 27001, including financial services, insurance and government. When relying on someone else's certificate, check its scope: it covers only the locations, systems and services named on it.
Information Security is simply the process of keeping information secure, defined by three properties:
Confidentiality – protecting information from being disclosed to unauthorised parties.
Integrity – protecting information from being changed or destroyed by unauthorised parties, or in unauthorised ways.
Availability – ensuring information is accessible to authorised parties whenever they need it.

Data Protection
What is Data Protection? "There are strict rules called the data protection principles to make sure information is used fairly and lawfully, used for limited, specifically stated purposes, used in a way which is adequate, relevant and not excessive, accurate, kept safe and not transferred outside the European Economic Area without adequate protection."
What does that mean? "It is the controls put in place on how your personal information is used by an organisation, business or government."
What's the difference between Data Protection and ISO 27001? ISO 27001 is about the systems, processes and controls in place to handle data. Data Protection is about what the data is used for. The two meet at the seventh principle below: the "appropriate technical and organisational measures" it demands are what an ISO 27001 management system provides.
The eight data protection principles (Data Protection Act 1998):
Personal data shall be processed fairly and lawfully.
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
Personal data shall be adequate, relevant and not excessive in relation to the purpose for which it is processed.
Personal data shall be accurate and, where necessary, kept up to date.
Personal data processed for any purpose shall not be kept for longer than is necessary for that purpose.
Personal data shall be processed in accordance with the rights of the data subject.
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss, destruction of, or damage to, personal data.
Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection.

European Data Protection Regulation
What is the European Data Protection Regulation (EDPR)? "It is a pan-European standard set of rules for personal data protection." Its formal name is the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679.
What are the changes from current legislation?
A single set of rules across the EU.
Increased responsibility and accountability for organisations processing personal data.
Organisations will only have to deal with their 'local' data protection authority (in the UK, the ICO), even when they operate in several member states.
People will have easier access to their own data and be able to transfer it to other organisations.
A 'right to be forgotten' (right to erasure).
The rules apply to any company that handles personal data in the EU, and also to companies outside the EU that offer goods or services to, or monitor the behaviour of, people in the EU.
When does it come into effect? It entered into force in May 2016 and applies from 25 May 2018.

Summary
What is ISO? Why do we have International Standards?
What are the standards for Business Continuity? Quality Management? Information Security?
What is EDPR? What are the key ideas? How does it affect me?