March 29, 2016

The Information Commissioner’s Office (ICO) publishes new guide to IT Security

The ICO encourages businesses to use the guide to assist with putting appropriate IT security systems in place to avoid data breach fines and to comply with obligations under the Data Protection Act 1998 (including the seventh data protection principle, which requires appropriate technical and organisational measures to be taken to keep data secure).

This new version of the guide updates previous advice on the cloud and contains additional guidance on security of mobile devices. A new ten-step format sets out recommended action steps, including to assess threats and risks, get in line with the Government's "Cyber Essentials Scheme", train staff, back up data and minimise data.

The guide is published together with a useful Self-Assessment Tool Kit which incorporates checklists for various areas of data protection compliance including data protection assurance, records management, information security, data sharing and subject access, and direct marketing. A compliance rating is automatically produced upon completing assessments, along with detailed suggestions and links to relevant ICO guidance for areas where compliance could be improved.

Links to the guide and toolkit are available at

For more information on legal issues relating to the life sciences sector, please contact Thomas Bjorn.

Share on:

Your Comments

Leave a comment

Thank you for choosing to leave a comment. Please keep in mind that comments are moderated. Please do not use a spammy keyword or a domain as your name or it will be deleted.