Hawsons & GDPR
Hawsons steps to GDPR compliance
Hawsons takes all reasonable steps to protect personal and commercially sensitive data. Hawsons uses an Information Security Management System (ISMS) which helps identify and manage risks to information security.
Hawsons Information Security Management System is based upon a framework initially developed by the European Union Agency for Network & Information Security (ENISA). The framework is risk-based and is founded on OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) principles, attributes and outputs. The risk-based methodology adopted is also compatible with other existing standards, including:
- PCI DSS
- ISO 27001:2013
- ISO 27014:2013
- HM Government Cyber Essentials
Hawsons ISMS contains appropriate controls (risk mitigating measures) and policies covering:
- Organisation
- People
- Network
- Application
- Systems
The controls and policies address the risk areas of:
- Legal / Compliance
- Financial
- Productivity
- Reputation and Client Confidence
In addition to the controls and policies of Hawsons Information Security Management System, all Hawsons Partners and staff undertake regular information security training along with awareness testing. Simulated email phishing tests are carried out fortnightly for all Partners and staff, and leading encryption software is employed for the transmission of personal and commercially sensitive data.