Hi Martin, you’re the Information Security and Compliance Manager at Restore Digital. Could you give us a little overview of your role please?
Of course, my role covers quite a wide scope, but essentially, I am responsible for the implementation and maintenance of Restore Digital’s BSI accredited and certified ISO management systems which include ISO 9001, ISO 27001 and BS 10008.
I’m also leading the current implementation of the ISO 45001 Occupational Health & Safety standard and ISO 14001 Environmental Management System – this includes certifying Restore Digital’s NDA Nucleus and Hinton House locations.
It is my responsibility to ensure Restore Digital’s internal audit and compliance programmes are effectively maintained, and I report directly into the senior leadership team on all compliance performance metrics. In addition to this, I also support the sales and bid teams in providing responses to information security and compliance related queries, as I am the subject matter expert within the business on information security practices, business standards and compliance advice.
Could you explain to our readers who might not be aware, what ISO certificates are, and why they are important?
ISO certification provides a business with an internationally recognised management system, which is aligned with both customer and legal requirements and supports the achievement of overall business objectives.
Restore Digital obviously manage important, confidential and sensitive data on behalf of our customers. What risk assessments are done on the Restore buildings to ensure any original documents aren’t damaged or destroyed while being prepared for digitisation?
Restore Digital have a comprehensive physical security assessment process in place which identifies compliance and areas for improvement so that the data security integrity of customer documentation is confidentially and securely protected.
The physical security assessment process is then evaluated and validated by the British Standards Institute as part of the certification of ISO 27001:2013.
What are the most common things you get asked as part of tender processes or the onboarding of new clients?
I would say the most popular or recurring questions I get asked are:
- Is Restore Digital compliant with GDPR?
- What information security certification does Restore hold?
- How does Restore securely and confidentially manage customer data?
- What measures does Restore take to protect personally identifiable and sensitive data?
What are the key things organisations should look for, when deciding whether a Business Continuity Plan (BCP) is robust?
That’s a really good question. A Business Impact Assessment (BIA) is a key and fundamental part of the BCP process and this determines and evaluates the potential effects of an interruption to critical business operations as a result of a disaster, accident or emergency.
When the processing of data is outsourced, as Restore Digital receive from our customer’s requirements, where does responsibility lie with regards to GDPR?
The responsibility is very clearly Restore’s to ensure data is managed and controlled in line with the 2018 UK Data Protection Act and the GDPR EU Directive. This requires that documented ‘Data Processing Agreements’ are in place between Restore and the organisation to whom the data processing activities have been outsourced. Such agreements provide the requirements for ensuring personally identifiable data is processed lawfully in line with the requirements laid down in Article 23(3) of GDPR. The organisation to whom the processing of data is outsourced is responsible for compliance with the requirements laid down in the Data Processing Agreement and will need to satisfy Restore that they are able to comply with these requirements.
Thanks Martin, for taking the time to explain those key points today.
If you have any questions that you’d like to ask Martin, or any points raised in the interview that you’d like further information on, please don’t hesitate to get in touch: firstname.lastname@example.org