Appendix


Appendix 1: Cyber security regulation

The regulation summarised below outlines the need for organizations to implement cyber security standards and to demonstrate that they have done so. BCSF has contributed to the setting of cyber security standards to ensure they reflect good cyber security practice. By following and implementing BCSF guidance, organizations will be ‘on their way’ to meeting the cyber security requirements of regulation.

General Data Protection Regulation (GDPR)

The GDPR requires that personal data be processed securely using appropriate technical and organizational measures. The Regulation does not mandate a specific set of cyber security measures, but rather expects you to take ‘appropriate’ action. In other words, you need to manage risk. What is appropriate for you will depend upon your circumstances, as well as the data you are processing and therefore the risks posed.

However, there is an expectation that you have minimal, established security measures in place. The security measures must be designed into your systems at the outset (referred to as Privacy by Design) and kept effective throughout the life of your system.

The BCSF has worked with the ICO to develop a set of GDPR Security Outcomes. This guidance provides an overview of what the GDPR says about security, and describes a set of security-related outcomes that all organizations processing personal data should seek to achieve.

What is BCSF’s role in regulation?

The BCSF is not a regulator. BCSF looks to ensure that any requirements are in line with best practice, and that frameworks are consistent across different pieces of regulation.

The BCSF also has a role to provide support during significant incidents, and these incidents may fall under specific regulation. We will encourage victims to consider their regulatory obligations, but recognize that any regulatory reporting or co-operation must be led by the victim.

It is also important to recognize that cyber security is only one aspect of security and business practice, and so there is wider regulation that must be considered in cyber security decisions.

Appendix 2: Meta

For ongoing support and guidance:

We publish all guidance inside the BENTO:GUIDES publication platform accessible by subscription.

Appendix 3: About the BCSF, BENTO:SECURITY, and BENTO:GUIDES.

Bento Cyber Security Framework is public guidance designed to help small companies build cyber security resilience. Developed, funded and organized by Bento Holdings, Inc., BCSF aims to help customers, prospects, and the industry approach information technology in a methodical, effective, and security-conscious manner.

BENTO:SECURITY was set up to help protect our critical services from cyber attacks, manage major incidents, and improve the underlying security of small companies in the United States and abroad. BENTO:SECURITY is the Bento Holdings, Inc. technical authority and therefore takes the lead role in providing guidance and advice on cyber security for our client and partner organizations.

BENTO:GUIDES is the software platform and publication system used to access all publications managed by Bento Holdings, Inc.

Collectively, BCSF, BentoSecurity.org, BENTO:SECURITY, and BENTO:GUIDES are referred to as BCSF in our publications.