UK test centre to manage government cyber security rules
Government-run TÜV SÜD United Kingdom has achieved Certified Body status for the test and validation of IT systems as part of the government's Cyber Essentials programme, which is designed to protect businesses from cyber security threats.
Now mandatory for any supplier of a government contract that involves providing IT services of handling personal data, the Cyber Essentials programme is also important for any businesses that want to take risk mitigation steps in order to comply with the General Data Protection Regulation (GDPR).
The new regulations are set to be introduced in May 2018, after which any organisations that fail to comply may face heavy penalties of up to four per cent of their annual global turnover if they suffer a data breach.
Commenting on the new rules, Ewan Fisher, operations manager at TÜV SÜD UK, said: "Cyber criminals target every size of organisation, both large and small. Cyber Essentials helps them to combat cyber attacks, the majority of which exploit basic IT system vulnerabilities."
According to the Cyber Security Breaches Survey 2017, which was conducted by the government, 46 per cent of all UK businesses have identified at least one cyber security breach in the past year. This increases to 66 per cent for medium-sized companies, an 68 per cent among larger firms.
The GDPR, which the TÜV SÜD UK will help to regulate, will cover five key data security areas, including secure configuration of new computer systems and networks, the provision of firewalls and internet gateways, and the control of access to data systems.
The organisation will also monitor patch management to ensure that all computer software is up to date, and malware protection to make sure a wide range of malware is unable to attack systems and risk data security.