Flexfog is an IT company situated in London, UK, with a lot of consumers from all around Europe. From January 2020, the organisation has been subject to GDPR laws, which are governed by UK laws. Flexfog is a creative agency built with one purpose: to help you define your brand. We offer impeccable service combining a nice and user-friendly design with quality programming. Due to the nature of the organisation's business model, vital assets are frequently considered as available for assessment by anyone with no constraints. To strengthen its cyber security and policy framework, the organization is governed by a variety of regulatory frameworks. The company keeps sensitive business data, and the policy builds a solid legal and regulatory framework.
Regulatory and legal compliance
The Data Protection Act of 2018 combines statutory requirements for anyone handling personal data. "Zero security" is legally liable for any personal data it collects, keeps, or uses in accordance with the Data Protection Act. "You are responsible for securing your client data and protecting it from fraudsters," the FCA states in their regulatory framework.
GDPR and privacy by design
The organization must design for privacy. PDA stands for the privacy design approach. These strategies promote privacy in early-stage system development. Privacy by design enhances overall IT privacy security, thus improving the efficiency of the system. Writing down ideas preserves considerable secrets. Aspects of the current information system can also be examined.
Disaster recovery plan
This policy and procedure have been established to ensure that, in the event of a disaster or crisis, personnel will have a clear understanding of who should be contacted. Procedures have been established to ensure that communications can be set up quickly while disaster recovery is being activated. The organization has implemented cloud data storage services as well as many servers placed in various regions so that business can go on as usual.
Confidentiality, integrity and availability (CIA) are the fundamental components of information security and serve as the guiding principles for information governance. The aim is to assure that the CIA of data is kept in a decent state within the organization.
Confidentiality: Confidentiality is the ability to hide information from people who are not authorised to view it.
Integrity: The ability to ensure that data is an accurate and unchanged representation of the original secure information. One type of security attack is to intercept some important data and make changes to it before sending it on to the intended receiver.
Availability: It is important to ensure that the information concerned is readily accessible to the authorised viewer at all times. Some types of security attacks attempt to deny access to the appropriate user, either for the sake of inconveniencing them, or because there is some secondary effect.
Retention and Disposal Schedules of Data
Flexfog retains information to meet its business operations and to comply with legal and regulatory requirements. At the conclusion of the operating purpose, all remaining data should be securely disposed of, whether it is held as an electronic document or a paper document. The asset owner is accountable for retaining and destroying data that has been left with Flexfog.
It is critical to understand how third parties interact with the organization and the level of risk they pose. A policy on information governance ensures that all relevant measures have been completed with contractors and support organizations. The contractor may give an independent assurance certificate, such as an ISO 27001 certificate. The third party's major IT work activities must be entered into or captured in a log, which:
must be made available to (ORGANIZATION) IT management upon request, and
must include events such as personnel changes, password changes, project milestones, deliverables, and arrival and departure times.
Other financial institutions, such as the Bank of England or a partner, may receive this information. The Data Protection Act of 1998 (DPA) safeguards the constitutional rights of people in regard to the processing of personal information by third parties. Information sharing should be necessary, proportionate, relevant, adequate, accurate, timely, and secure: ensure that the information you share is necessary for the purpose for which you are sharing it, is shared only with those individuals who need to have it, is accurate and up to date, is shared in a timely fashion, and is shared securely.