Is business continuity really becoming more strategic?

strategic business continuityThere has been a lot of discussion recently about whether business continuity as a profession needs to take a more strategic role in organizations. Luke Bird FBCI CRISC gives his view of the current situation and the development that is needed within the profession.

Read this article

High availability and disaster recovery: predictions for 2022

Cassius RhueAs we look ahead to 2022, IT teams will continue to look for innovative ways to ensure that business-critical applications are run efficiently and that they are protected from downtime and data loss. Cassius Rhue, VP, Customer Experience at SIOS Technology, gives his views on how things will develop.

Read this article

Network availability and security: predictions for 2022

2022 cyber predictionsKelly Ahuja, CEO at Versa Networks, looks ahead to 2022 and how organizations will develop the way that ICT networks are managed and provisioned to ensure better availability and security.

Read this article

More 2022 predictions

Does your exec board only offer lip service to cyber security and resilience?

Yuval BaronThere are increasing calls for organizational boards to take a strategic lead when it comes to cyber security and resilience. Yuval Baron explains why having the C-suite onboard is important and what true executive buy in looks like.

Read this article

May 25th 2018 is the deadline for compliance with the new European Union General Data Protection Regulation (GDPR); and statistics released by Veritas show that a significant percentage of businesses think that GDPR could put them out of business.

Veritas polled 900 organizations in eight different countries around the world in early 2017. The research includes statistics on the impact of non-compliance on business operations, customer relationships and livelihood. Globally, nearly one fifth (18 percent) of organizations are concerned that GDPR unpreparedness could put them out of business; this figure is 15 percent in the UK.

The research also found that:

  • 32 percent of businesses do not think that their firm has the right technology to cope with GDPR requirements;
  • 42 percent don’t have a way to manage which data should be stored or deleted;
  • 23 percent of UK businesses believe they could lose customers as a result of GDPR.

To assist businesses with their GDPR preparations, Veritas has provided the following checklist:

Locate – the critical first step in complying with GDPR is gaining a holistic understanding of where all the personal data held by your organization is located.  Building a data map of where this information is being stored, who has access to it, how long it is being retained, and where it is being moved is critical to understanding how your enterprise is processing and managing personal data

Search – residents of the EU will be able to request visibility into all of the personal data held on them by submitting a Subject Access Request (SAR). They will also be able to request that the data be corrected (if factually incorrect), ported (to a suitable export format) or deleted.  Ensuring that your organization can undertake and service these requests in a timely manner is critical to avoiding GDPR penalties

Minimise – data minimization, one of the main tenets of GDPR, is designed to ensure that organizations reduce the overall amount of stored personal data. This is done by only keeping personal data for the period of time directly related to the original intended purpose.  The deployment and enforcement of retention policies that automatically expire data over time establishes the cornerstone of your GDPR strategy

Protect – under GDPR, organizations have a general obligation to implement technical and organizational measures to show they have considered and integrated data protection into all data collection and processing activities.

Monitor – GDPR introduces a duty on all organizations to report certain types of data breaches to the relevant supervisory authority, and in some cases to the individuals affected.  You should assure that you have capabilities in place to monitor for possible breach activity – such as unexpected or unusual file access patterns – and to quickly trigger reporting procedures.