Martin Courtney, Computing, Wednesday 7 July 2010 at 17:46:00
Rush to install compliance software in a bid to avoid ICO fines keeps
software vendors happy
Local government bodies are hastily installing compliance software in a bid Government Connect Secure Extranet (GCSX) Code of Connection (CoCo) rules on As of 6 April this year, the ICO has new powers to impose penalties of up to Cherwell District Council in North Oxfordshire is one local authority to have It has focused on establishing what it calls ?best practice information This is essentially educating end users and business partners as to what is ?The GCSX was the primary driver for installing MetaCompliance software,? ?All employers, contractors and third parties receive appropriate training Cherwell is facing its annual GCSX audit on 16th July this year, but also By automating information delivery at login, MetaCompliance provides auditors ?Trying to track people moving in and out of different data security groups The stronger government stance on data security represents a significant There is currently no specific solution for GCSX CoCo in the UK, leaving them Encryption software that protects the data on laptop and homeworker hard disk Much like insurance policies that guard against events that may never ?I don?t have the ROI calculations to hand, but there are significant savings
to avoid the potentially large fines that can be imposed by the Information
Commissioner?s Office (ICO).
data security are controls with which all local authorities must be compliant
before they can access and swap data with central government departments,
approved suppliers and other national bodies over the Government Secure Intranet
(GSi), the Government Secure Extranet (GSX), the National Health Service Network
(N3), the Criminal Justice Extranet (CJX) and the Police National Network (PNN),
for example.
�500,000 for serious data security breaches under the Data Protection Act.
installed software specifically to handle GCSX CoCo rules since the 6 April law
change.
assurance? and ?user awareness?.
expected of them with regards to data security, and installing software that
alerts anyone logging onto its network that they need to sign up to an
acceptable usage policy to access the restricted data.
said Cherwell information systems manager Gareth Jones.
and awareness information on screen when they log in, making sure that once they
have read it, they have to action it by pressing an agree button.?
wanted to make sure it complied with the ISO 27001 information security
management system standard.
with demonstrable proof of the council?s compliance efforts, as well as
automated risk assessment procedures which save the IT department time and
effort, and a way to integrate workflow processes into e-learning schedules.
is time consuming, and this software tracks them for me,? said Jones.
opportunity for software vendors.
to sell a wide variety of security applications into nervous local authorities
to help them achieve compliance.
drives, USB sticks and other removable media have proved popular, for example,
as has login management software that keeps a track of people logging into local
government networks and helps authenticate verified users.
happen, it is always hard to show clear return on investment for any compliance
software, however, and in some cases the additional management burden can put a
significant strain on in-house IT staff.
in people?s time ? the HR department would normally have to check everybody?s
files manually to see if they had done the e-learning, for example,? said Jones.
Full story at http://www.computing.co.uk/computing/news/2266106/councils-strengthen-gcsx-coco
No comments:
Post a Comment