How the Guernsey Financial Services Commission’s new Cyber Security Rules and Guidance affect your business
Last week, the GFSC published its long-awaited Cyber Security Rules and Guidance for regulated businesses. This article takes a deeper look into what the rules and guidelines will mean for your business and how Resolution IT can help you to adapt.
The new Cyber Security Rules and Guidance have been created following extensive engagement across the industry over the past two years and have been constructed to be principles-based, allowing for application across the Bailiwick’s diverse financial sector.
Whilst the rules come into operation immediately, there will be a transition period to allow firms to implement changes to their internal controls in a bid to ensure compliance by the pre-determined deadline of 9th August 2021.
The GFSC’s Core Principles
The GFSC’s Cyber Security Rules and Guidance are built on five core principles.
● IDENTIFY: The guidance specifies that a firm should ensure that it’s able to identify the assets and data it holds and assess the damage to the business if it were to lose access to those assets, or if the data it holds were to suffer a breach of confidentiality, integrity, or availability.
These assets don’t have to be limited to traditional IT assets and could extend to systems, people, and data assets.
Through Resolution IT’s Managed Security Services, we can offer your business Cyber Security Assessments to help you to identify your vulnerabilities and act decisively on them.
● PROTECT: This principle stipulates that the licensee must ensure that it has the appropriate policies and controls in place to mitigate the risks it has identified and to ensure, where possible, the delivery of critical infrastructure during and following a cybersecurity event.
Our IT Cyber Compliance services ensure that your organisation operates in line with a range of regulatory frameworks, including Cyber Essentials and IASME governance (which includes GDPR) audited certificates.
● DETECT: Additionally, the licensee must have appropriate mechanisms in place in order to identify the occurrence of a cyber security event.
We offer tailored cyber security training to make sure your organisation’s staff will never be your weak link. Our cyber security sessions last 60-90 minutes and cater to between 1 and 12 people, meaning that businesses of all sizes will be well-covered. With a skilled team in place capable of detecting cyber security events, it’s possible to act affirmatively to mitigate any attacks.
● RESPOND: Here, licensees must demonstrate that there is a plan in place which aims to mitigate disruption caused by a cyber security event.
Resolution IT’s Managed Security Services enable your business to outsource its quality and install a skilled team that can manage your firewalls, endpoint detection and response, and vulnerability scanning.
● RECOVER: Finally, the licensee must be able to demonstrate that they are aware of the appropriate steps that need to be taken in order to restore business capabilities following a cyber security event. They must also ensure that essential activities are capable of being undertaken in the interim period.
Our Cyber Security Consultancy services offer you bespoke guidance every step of the way, from ramping up your compliance efforts to recovering in the immediate aftermath of a cyber security event. With Resolution IT, you’re never alone.
The Significance of Accreditation
On page 3 of the guidelines, the GFSC acknowledges that there’s “no ‘one size fits all’ approach to addressing cyber security risks with specific business circumstances varying greatly from firm to firm. It may be appropriate for firms to consider accreditation or certification from a recognised body, such as Cyber Essentials, or Cyber Essentials Plus.”
The guidelines stipulate that accreditations can play a key role in helping businesses meet some of the requirements laid out. Resolution IT is Guernsey’s first IT provider to become a Cyber Essentials certification centre. This means that you can enlist the help of Resolution IT in order to find the accreditation that you’ll need to comply with the new guidelines.
Governance For All Businesses
The GFSC’s guidelines have been designed as a blueprint for all businesses to adhere to, not just those licensed by the GFSC.
When it comes to cybercrime, criminals don’t discriminate based on a firm’s allegiances or licensing.
Respecting The Transition Period
If your business is required to make changes in order to adhere to the new regulations, don’t panic. Although the GFSC’s Cyber Security Rules and Guidance has come into effect immediately, there is a transition period until August 9th in order to give companies the time they need to comply.
Are there gaps in your cyber security framework? Don’t worry, it’s not too late. Resolution IT can work with you to ensure that you’re fully compliant by the deadline. Our adaptable services include Cyber Essentials and Cyber Essentials Plus certifications, an ideal starting point to ramp up your security levels.
We also offer IASME certification which covers virtually all points of the GFSC requirements - with any lingering gaps covered.
As Guernsey’s first IT provider to become a Cyber Essentials certification centre, Resolution IT offers businesses leading Managed Security services to help you to not only stay compliant but also to keep your business safe from cybercrime.
Get in touch today to see how Resolution IT can make your business GFSC Cyber Security Rules and Guidance compliant.