The IASME Cyber Assurance is IASME’s comprehensive, flexible, risk-based certification scheme that was developed for SMEs as an effective and legitimate alternative to ISO27001. Certification provides assurance that an organisation has put into place a range of important cyber security, privacy and data protection measures and is starting to play a key role in securing supply chains in the UK and abroad.
The implications of PIPA
Bermuda has recently announced that privacy legislation designed to protect personal data and information is expected to come into force on January 1, 2025.
Since the Personal Information Protection Act (PIPA) was enacted in 2016, the Government of Bermuda and the Privacy Commissioner have been busy developing governance operations, organising administration resources and educating the public and businesses who collect and use personal information of their respective rights and obligations under PIPA.
PIPA aims to make sure that individuals have control of how their personal information is used. Just as other organisations who are subject to similar privacy laws around the world have done, Bermuda organisations will have to review all of their business processes with a view to possibly revising many of them into PIPA-compliant practices.
A partnership between PrivCom and IASME
In order to give organisations a way to implement and demonstrate that they are compliant with the new PIPA regulations, The Office of the Privacy Commissioner (PrivCom) and its Innovation Unit have formed a partnership with the IASME Consortium. The partnership involves the development of a Bermuda PIPA-focused element of the Cyber Assurance standard to meet the need for an accessible verified-assessment tool. This will help local organisations assess their privacy and security controls and practices against a recognised framework and improve compliance with privacy regulations, privacy management, and cybersecurity requirements.
CEO of IASME, Dr Emma Philpott MBE says, “IASME are excited to be working with PrivCom on this important project. It is fantastic to see such a proactive attitude to privacy and security and we are looking forward to training the first cohort of Assessors.”
The IASME Cyber Assurance standard is the only current way to demonstrate compliance with the Personal Information Protection Act.
There are approximately 18,000 companies in Bermuda and many others that process or store data from around the world that will need to comply to the PIPA law. It is expected that many of these organisations will certify to the IASME Cyber Assurance standard in order to demonstrate compliance.
Opportunity for Bermuda based consultants to train as Assessors and register their companies as Certification Bodies.
IASME already work with a network of over 300 expert cyber security consultancies, known as Certification Bodies (CBs). They are licensed and trained to help organisations understand the requirements of our cyber security schemes and prepare for certification. Assessors working for the Certification Bodies can mark the assessments, give feedback and if required, audit the applicant’s IT infrastructure.
PrivCom’s relationship with IASME supports Bermuda’s business and workforce by providing opportunities for Bermudian organisations to become an IASME Certification Body.
Assessor training is coming to Bermuda on the following dates:
-
10- 11 July 2023
-
12- 13 July 2023
-
18-19 October 2023
The training sessions are face-to-face and open to anyone internationally that is interested in developing their career in cyber security and data privacy and would like to attend.
This year’s Global Privacy Assembly Annual Meeting will be held in Bermuda during October and IASME will be present to be able to discuss opportunities around the Cyber Assurance scheme. IASME will also be running Assessor training during the closed sessions of the event. This provides a perfect opportunity to train against the IASME standards while visiting the GPA.
Cha’Von Clarke-Joell is Assistant Commissioner/Head of Innovation at the Office of the Privacy Commissioner for Bermuda, she comments, “This is an exciting and significant development for Bermuda’s economy and the information privacy sector. Local Assessors can register with Certification Bodies on the island, the UK, the US, and in Europe to offer services globally to any entity that uses the IASME standard while working virtually from Bermuda, thus contributing to the island’s economic growth with flexible and remote working conditions.”
Sponsors of the Assessor training event, ABIR
The Association of Bermuda Insurers and Reinsurers (ABIR) are the Assessor training event sponsor for July 2023.
Often referred to as the ‘risk capital of the world’, Bermuda is one of the globes biggest insurance hubs. The Association of Bermuda Insurers and Reinsurers (ABIR) represents the public policy interests of Bermuda’s international insurers and reinsurers and that protect consumers around the world.
How to get involved?
The PIPA-focused IASME Cyber Assurance certification programme will be introduced to Bermuda in August 2023. Entities of all sizes and across sectors that are interested in joining the initiative can contact the PrivCom Innovation Unit to learn more about eligibility requirements.
Email – [email protected]
Call -441-543-7742
If you are a cyber security or privacy professional and are interested in the Assessor training, please email [email protected] to find out more information or book your place.