Data Security and Compliance


We offer a set of tried and tested data security solutions that give you peace of mind, knowing that your data is safe and secure.

Two of the key certifications in data security are ISO27001 and Cyber Essentials Plus. Weald holds and maintains both certifications, demonstrating that we have achieved high levels of security ourselves before advising you.

Subjects Covered

  • Backup, replication and Disaster Recovery
  • Threat Protection
  • Identity and Access Management
  • Impersonation Protection
  • Information Protection and Governance
  • User Education and Testing
  • Compliance

Simple Rules

It is generally said that one of the basic principles of information security is to ensure data is only read by those who ‘need’ to see it. There are several ways of achieving “need to know”. Firstly, you may consider using encryption; secondly, document classification; and thirdly, settings like “do not forward”. All of these help achieve security.

One of the easiest wins for protecting against unwanted external access is to use multi-factor authentication.

Features with Microsoft 365

Many of the features below are within Microsoft 365, but are also offered by other vendors such as Mimecast. More than 90% of Weald’s clients run Microsoft 365, so the paragraphs below mostly reference Microsoft 365 features.

Data Loss Prevention

Data Loss Prevention (DLP) is a feature that allows you to identify, monitor and protect sensitive data. Firstly, this means incoming and outgoing email and attachments will be scanned for sensitive information defined by you or by templated policies. Secondly, it will alert the administrator and prevent the item being sent. Finally, DLP interrogates information held in SharePoint, OneDrive and Teams, looking for defined characteristics and notifying of breaches, therefore helping you keep your data secure.

Governance

The use of retention policies helps manage the lifecycle of your content.  For example, you may retain or delete content with policy management.  In addition, you may retain mailbox content after employees leave the organization.

Microsoft 365 provides you with a single solution for email and documents that incorporates retention schedules and requirements into a file plan that supports the full lifecycle of your content with records declaration, retention, and disposition.

Compliance Manager

GDPR regulates the collection, storage, processing, and sharing of personal data. Personal data is defined very broadly under the GDPR as any data that relates to an identified or identifiable natural person that is a resident of the European Union (EU). The first step towards GDPR compliance is to assess whether the GDPR applies to your organization, and, if so, to what extent. This analysis includes understanding the data your organization processes and where it resides. Compliance Manager helps you track, implement, and manage the auditing controls to help your organization reach compliance against various standards, including GDPR.

Some points on Security advice
