"DataSeal" Information Security Standard for Direct Marketing Industry
DataSeal is the first information security standard to be produced specifically for the direct marketing industry. It is a private standard exclusively available to members of the Direct Marketing Association (DMA). Developed by the DMA in conjunction with the British Standards Institution (BSI) with input from URM, DataSeal is the only recognized UK standard for information security management systems other than ISO 27001.
DataSeal provides an accessible, achievable and cost-effective route for DMA client and supplier members to demonstrate that they have implemented appropriate information security measures when handling customer data. The Standard enables corporate clients to identify those DMA member organisations which meet prescribed information security standards. At the same time, it enables members to demonstrate the importance they attach to the safe and secure storage, usage and transfer of client and prospect data.
The DataSeal Standard was conceived following the extensive and adverse media coverage surrounding the loss of personal data by government departments and businesses. This resulted in a DMA review which examined in detail the advice being provided to members regarding the storage or transfer of customer and prospect data. One of the findings of this review was the identification of the potential benefits to be gained by members certifying with external information security standards.
The standard specifically sets out performance requirements for:
- traceability and responsibility of data
- acceptable use
- access control
- passwords
- virus/spy prevention
- internet/network security
- system/server security
- back-ups
- data storage and elimination
To illustrate, DataSeal states that "Passwords should be known only to authorised people and the passwords changed regularly." Each of the measures detailed within the Standard can be independently verified by BSI, thereby enabling an organisation to certify against DataSeal.
Relationship between DataSeal and ISO 27001
'DataSeal' provides a stepping stone approach to certification to ISO 27001, accepted within both private and public sectors as the leading source of information security best practice. Central to both Standards is the risk assessment, a process that ensures that the areas at highest risk are prioritised and only appropriate controls are deployed.
How URM Can Help
URM is a member of the DMA and was one of the first organisations to certify to DataSeal. URM has been involved with the Standard from its inception, providing input to the preparation of the requirements document as well as providing support through launch and workshop events. URM is one of three DMA-recommended data security consultants and can help member organisations understand their readiness for assessment and/or the efforts required to comply with DataSeal and prepare for a BSI audit. This support includes:
- Conducting a readiness assessment
- Identifying areas for improvement prior to BSI assessment
- Identifying key information assets and undertaking an information risk assessment
- Conducting user awareness training to ensure that the requirements within the DataSeal Standard are embedded within the organisation
- Assisting the organisation to write pragmatic information security policies and procedures
For more details on how to apply for DataSeal, please refer to the DMA's DataSeal website.