As a key area of Pulsion’s ISO 27001 certification, we have a responsibility to continually monitor potential risks to the business from any number of sources. These sources include external influences, such as third-party supplier capabilities, as well as more wide-ranging changes to legislation. One such impending change is that to the Data Protection Act, which will be replaced by a UK implementation of the General Data Protection Regulation (GDPR) by May 2018.
One of the many challenges with such a change is the unknown practicalities of just how the GDPR will be implemented. The Information Commissioner’s Office has been working hard to clarify much of the regulation and the key areas on which businesses will need to focus to ensure full compliance. These focus on the rights of individuals with regard to areas such as access, rectification, erasure, process restriction and data portability.
These areas of focus all mean that it is vital for businesses such as Pulsion to ensure that data protection is considered from the outset of any software development through principles such as privacy by design. Fortunately, as an ISO 27001 certified organisation, such principles dovetail nicely with Pulsion’s existing security development policies as required by that standard.
Privacy by design, by its very nature, encourages organisations to consider security throughout software projects. This is necessary as security as an afterthought is often difficult to implement without significant changes to systems, which frequently proves costly in both time and budget.
As such, Pulsion staff necessarily understand security requirements across all of our multi-disciplined areas:
- Business analysts consider data security during discovery phases, helping clients to understand their role in defining processes and risks, and clarifying how systems will meet legal compliance requirements and policies
- Technical architects and developers consider it during design and implementation phases, following a regularly reviewed internal Secure Development policy covering recognised best practices in a number of key areas such as input validation, authentication management, access control and communication security
- System administrators consider it during deployment and ongoing support phases, implementing infrastructure hardening and maintaining ongoing auditing as well as periodic and ad-hoc patching.
The next few years will be pivotal for GDPR – time will tell how it impacts our way of working moving forward. Security, however, will always remain high on the agenda of any software development project, now and into the future.
Contact us if you have any questions on email@example.com or 0141 352 2280.
Head of Central Services
As Head of Central Services for Pulsion Technology, Krys oversees core areas of the business necessary for the smooth running of all aspects of the company, including Technical Services, Quality Assurance, Technical Support, Human Resources and Finance.