Avoiding the £500,000 fine: Four steps to continuous audit-readiness for GCSX Code of Connection and other public sector regulations


The GCSX Code of Connection (CoCo) is an important step in providing a secure infrastructure for public sector business. While most - if not all - local authorities have achieved compliance with the Code of Connection, authorities must still undergo annual audits. As such, compliance should not be viewed as 'point-in-time', but as a continuous journey which can be used as a catalyst for an improvement in overall organisational compliance, as opposed to simply a 'tick in the box' from an auditor.

Local authorities face numerous regulations in addition to CoCo, including PCI DSS, the Data Protection Act, and others, all with the intent to standardise the level of security that must be implemented.

Many organisations have learned that the cost of ad hoc and manual IT risk management and audit processes is far too high. The additional stress this places on an organisation is unacceptable, and it is a very inefficient working practice. Without proper visibility of compliance and security practices, an information security breach, data loss or compliance-related incident can rapidly turn into an election issue and ultimately cost political posts.

Furthermore, as of 6 April 2010, the Information Commission can impose a civil penalty of up to £500,000 on data controllers for serious breaches under the Data Protection Act.

It is vital that organisations understand the difference between compliance and information security. Organisations should be ready for audit 24/7. With the availability of sophisticated tools, the workflows behind supporting compliance requirements can be significantly reduced and continuous monitoring put in place to support an audit-ready organisation.

This webinar will:

  • Highlight the regulatory climate and compliance enforcement
  • Explain how being compliant does not ultimately mean you are secure
  • Examine the four key steps you can take to ensure continuous audit-readiness and improve security
  • Detail the capabilities that can help streamline IT risk management processes and enable continuous compliance
  • Further enhance your understanding of compliance requirements and put in place the key steps to meeting regulatory requirements

This webinar is for:

  • Compliance and IT risk managers looking to streamline audit workflows
  • IT managers looking to have compliance initiatives improve overall security
  • Security and business professionals who are responsible for compliance and the protection of confidential and sensitive information

CISSPs, SSCPs and ISACA members can receive 1 CPE credit for attending each webinar. You can earn the credit by simply specifying your number on the registration form and correctly answering 3 multiple choice polling questions about the program at the end of the event.


Alan Bentley

President of Global Strategy, Blancco

Nigel Stanley

CTO for OT and Industrial Cybersecurity, TUV Rheinland
