Avoiding the £500,000 fine: Four steps to continuous audit-readiness for GCSX Code of Connection and other public sector regulations

The GCSX Code of Connection (CoCo) is an important step in providing a secure infrastructure for public sector business. While most - if not all - local authorities have achieved compliance with the Code of Connection, authorities must still undergo annual audits. As such, compliance should not be viewed as 'point-in-time', but as a continuous journey which can be used as a catalyst for an improvement in overall organisational compliance, as opposed to simply a 'tick in the box' from an auditor.

Local authorities face numerous regulations in addition to CoCo, including PCI DSS, the Data Protection Act, and others - all with the intent to standardise the level of security that must be implemented.

Many organisations have learned that the cost of ad hoc and manual IT risk management and audit processes is far too high. The additional stress it places on an organisation is unacceptable and it is a very inefficient working practice. Without proper visibility of compliance and security practices, an information security breach, data loss or compliance-related incident can rapidly turn into an election issue and ultimately cost political posts.

Furthermore, as of 6 April 2010, the Information Commission can impose a civil penalty of up to £500,000 for serious breaches on data controllers under the Data Protection Act.

It is vital that organisations understand the difference between compliance and information security. Organisations should be ready for audit 24/7. With the availability of sophisticated tools, the workflows behind supporting compliance requirements can be significantly reduced and continuous monitoring put in place to support an audit-ready organisation.

This webinar will:

  • Highlight the regulatory climate and compliance enforcement
  • Explain how being compliant does not ultimately mean you are secure
  • Examine the four key steps you can take to ensure continuous audit-readiness and improve security
  • Detail the capabilities that can help streamline IT risk management processes and enable continuous compliance
  • Further enhance your understanding of compliance requirements and put in place the key steps to meeting regulatory requirements

This webinar is for:

  • Compliance and IT risk managers looking to streamline audit workflows
  • IT managers looking to have compliance initiatives improve overall security
  • Security and business professionals who are responsible for compliance and the protection of confidential and sensitive information

CISSPs, SSCPs and ISACA members can receive 1 CPE credit for attending each webinar. You can earn the credit by simply specifying your number on the registration form and correctly answering 3 multiple-choice polling questions about the program at the end of the event.


Alan Bentley, Regional Vice-President, EMEA, Lumension

Nigel Stanley, Specialist in business technology and IT security