The FCA stated in a report on Data Security that there are three main reasons why firms are failing to identify all aspects of the Data Security Risk they face: Some do not appreciate the gravity of this risk Some do not have the expertise to make a reasonable assessment...
The FCA stated in a report on Data Security that there are three main reasons why firms are failing to identify all aspects of the Data Security Risk they face:
- Some do not appreciate the gravity of this risk
- Some do not have the expertise to make a reasonable assessment of key risk factors and devise ways of mitigating them
- Many fail to devote or co-ordinate adequate resources to address this risk
This course is a practical approach to assist you in meeting your firm’s responsibilities under the regulator’s 'Principles for Business' and 'SYSC' Rules. The course also covers the legal responsibilities on firms under the Data Protection Act.
It is important to remember that a number of high profile organisations have recently lost data and have been open to data abuse through poor organisation and controls. Firms who pay scant regard to the security of data held by them or on their behalf risk bringing about commercial, reputational, regulatory and legal penalties. This course aims to help you ensure that your firm is not one of them.
Who is this for?
This course is suitable for Senior Management, Compliance and Internal Audit staff, HR, IT, Risk Managers and other 'departmental' managers and supervisors.
- A background to Data Security with recent case examples
- Relevant regulatory Rules and obligations
- The eight Data Protection Principles
- Physical security to prevent unauthorised access
- Governance and risk assessment
- Recruitment of staff
- Training and education on Data Security
- Key systems and controls to assist in minimising risk of data loss or theft
- Security of disposal of data
- Monitoring systems and controls over Data Security
After attending this course, participants will be able to:
- Describe the background to the Data Security risk
- Explain the obligations of the firm under regulatory Rules and Data Protection legislation
- Carry out a Data Security Risk Assessment
- Identify potential weakness in controls and ideas for "plugging the gaps"
- Evidence an adequate level of competency in Data Security controls
- Comply with the regulatory requirements and avoid possible penalties
- Benchmark current arrangements against best practice