UK GDPR and Data Protection Act 2018: Core data protection legislation governing how personal data must be processed, stored and protected in the UK following Brexit. Essential for any security risk assessment involving personal data.
Official Secrets Act 1989: Legislation protecting state secrets and official information. Crucial for security assessments involving government or classified information.
Counter-Terrorism and Security Act 2015: Legislation addressing terrorist threats and security measures. Important for risk assessments involving potential terrorist threats or critical infrastructure protection.
Health and Safety at Work etc. Act 1974: Primary legislation for workplace safety, including physical security measures and emergency procedures that must be considered in risk assessments.
Network and Information Systems Regulations 2018: Regulations governing cybersecurity and network resilience, particularly important for digital infrastructure and online systems security assessment.
Civil Contingencies Act 2004: Framework for emergency planning and business continuity, essential for disaster recovery and emergency response planning in security assessments.
Critical Infrastructure Protection regulations: Regulations protecting vital infrastructure assets. Key for security assessments of essential services and critical national infrastructure.
Telecommunications (Security) Act 2021: Recent legislation focusing on telecommunications security, crucial for assessments involving communications infrastructure and services.
ISO 27001: International standard for information security management systems, providing framework for security risk assessments and controls.
ISO 31000: International standard for risk management principles and guidelines, providing structured approach to risk assessment and management.
