Hawsons & GDPR

Hawsons steps to GDPR compliance

Hawsons takes all reasonable steps to protect personal and commercially sensitive data. Hawsons uses an Information Security Management System (ISMS), which helps identify and manage risks to information security.

Hawsons Information Security Management System is based upon a framework initially developed by the European Union Agency for Network & Information Security (ENISA). The framework is risk-based and has a foundation of OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) principles, attributes and outputs. The risk-based methodology adopted is also compatible with other existing standards, including:

  • ISO 27001:2013
  • ISO 27014:2013
  • HM Government Cyber Essentials

Hawsons ISMS contains appropriate controls (risk mitigating measures) and policies covering:

  • Organisation
  • People
  • Network
  • Application and
  • Systems

The controls and policies address the risk areas of:

  • Legal / Compliance
  • Financial
  • Productivity
  • Reputation and Client Confidence

In addition to the controls and policies of Hawsons Information Security Management System, all Hawsons Partners and staff undertake regular information security training along with awareness testing. Simulated email phishing tests are carried out fortnightly for all Partners and staff, and leading encryption software is employed for the transmission of personal and commercially sensitive data.