The Great Big Gap Analysis
Fran has started a spreadsheet!
As you will know by now (having read our previous blog posts) the ISO 27002 Standard lists the 93 different controls in 4 distinct categories:
· Organisational
· Physical
· People
· Technical
We are working through the controls one category at a time, comparing our existing systems, processes, risk assessments and security controls with the requirements listed in the Statement of Applicability (SOA).
A few action points have been raised in relation to information labelling, which have mostly landed on Jarrod and Michael’s desks (LOL).
These action points aren’t just relevant to Galaxy: Project ISO Upgrade shares some of the same business requirements as “Project Anti Discrimination Ordinance,” with regards to the classification and security of personal data and protected characteristics.
So the Galaxy and GRG Project Teams will be working closely together as we review these shared requirements and identify whether any additional or revised controls are needed.
Full steam ahead!