Effort to improve cybersecurity and privacy standards
The Office of the Privacy Commissioner is working with a UK-based organisation to help prepare organisations for compliance with privacy rules.
The IASME Consortium has developed governance standards relating to cybersecurity and assurance.
PrivCom said IASME is committed to helping businesses improve their cybersecurity, risk management, and good governance through an effective and accessible range of certifications.
The non-financial collaboration between PrivCom and IASME will support the development of a Bermuda-specific component of the cyber assurance and privacy standard to help organisations certify their compliance with the Personal Information Protection Act.
PrivCom said this certification tool will help organisations test and demonstrate their privacy and security practices by providing a framework for compliance with requirements and best practices.
IASME’s certification mechanism allows organisations to self-certify or to engage with a trained assessor to evaluate the organisation and provide a third-party certification.
To support the growth of data privacy and cybersecurity expertise in Bermuda, IASME will offer local training to individuals interested in becoming assessors for certification standards.
This two-day training will take place in July and will be facilitated by IASME trainers visiting Bermuda. The Association of Bermuda Insurers and Reinsurers is to sponsor the venue for this cohort.
In July, IASME and PrivCom will also co-ordinate a virtual event for introductory meetings and interviews between the UK-based certification bodies and local, trained assessors.
There is an opportunity for trained Bermudian assessors to work both locally and abroad with current IASME certification bodies in the UK, US and Europe.
The groups plan to continue the Bermuda assessor training twice per year.
In addition, IASME aims to support the Bermuda data privacy and cybersecurity industry by inviting Bermudian organisations to become an IASME certification body.
Such bodies are expert cybersecurity organisations with registered assessors licensed to certify an organisation’s practices against IASME cybersecurity schemes, including IASME cyber assurance.
The bodies help organisations understand the assessment questions and prepare for certification.
Another virtual meet-and-greet is planned for Bermuda-based organisations to learn more about certification bodies and to discuss potential partnerships with UK entities.
PrivCom and IASME will work together this year to introduce any custom changes needed to the certification programmes to help organisations evaluate Bermuda-specific components of laws such as PIPA and other guidance.
About the engagement, Privacy Commissioner Alexander White said: “This project will give all Bermudian organisations a framework to understand and explain their privacy and cybersecurity readiness.
“IASME is a recognised entity for their work in the UK to build cybersecurity maturity, making the process simpler and realistic even for small businesses.
“Plus, since this engagement will map Bermuda’s PIPA to IASME’s certification for the General Data Protection Regulation, Bermudian businesses will be well placed to comply with privacy rules outside of Bermuda.”
Emma Philpott, CEO of the IASME Consortium, said: “IASME are excited to be working with PrivCom on this important project. It is fantastic to see such a proactive attitude to privacy and security and we are looking forward to training the first cohort of assessors.”
PrivCom’s assistant commissioner Cha’Von Clarke-Joell, who has coordinated the engagement with IASME, said: “This is an exciting and significant development for Bermuda’s economy and the information privacy sector as local assessors can register with certification bodies on the island, the UK, the US, and in Europe to offer services globally to any entity that uses the IASME standard while working virtually from Bermuda, thus contributing to the island’s economic growth with flexible and remote working conditions.”