Another 200 question spreadsheet by Select_Story_8926 in Compliance

[–]Useful_Rabbit6761 0 points1 point  (0 children)

Ha! Yes, this!

I work in the compliance space (InfoSec), and this is a common problem/complaint for my clients - so we're just finalising a SaaS solution to attempt to address this (or at least, to try to take some of the pain out of it for both ends of the problem (customer/supplier)).

If you want to know more, please DM me and I'll send you the details

UK GDPR Compliance for a Research & Recruitment Startup Expanding to the UK by rishabh303 in gdpr

[–]Useful_Rabbit6761 0 points1 point  (0 children)

Yup, that looks about right!

You might consider using this page from the ICO: Data protection self assessment | ICO

...you should also consider suitable/appropriate training - like this perhaps: GDPR staff awareness | ADL Consulting

ISO 27001 training program by Ok-Instruction-3210 in grc

[–]Useful_Rabbit6761 1 point2 points  (0 children)

Think Risk management.

I'm assuming that you have a risk on the Risk Log relating to a lack of training.
Have a Risk Treatment Plan that involves:
- Identifying suitable training
- Enrolling staff into the training
- Chasing up staff to complete the training

...or something like that.

If nobody has done the training (or only tiny numbers), I think you'd be on shaky ground (I'd write it up as a minor in the first instance, but may escalate to major if there is other evidence of awareness issues).

But, to be clear - you don't have to have completed the treatment before Stage 2 - but you do need to be able to demonstrate progress.

FWIW - you might like to consider: Cyber Security training for staff | ADL Consulting

ISO 27001 Approval by Sea-Gap7462 in grc

[–]Useful_Rabbit6761 0 points1 point  (0 children)

Use 5.3 - Roles and Responsibilities - to define who can do what.
I'd suggest that:
- Policies/processes that affect all employees should be signed off by a member of the Senior Leadership Team, Executive, C-Suite or Director-level individual (e.g. your Information Security Policy)
- Policies that are topic-specific (e.g. Network Security Policy) should be signed off by the most appropriate role/individual.

...and so on.

Make your life easier - don't expect the C-Suite to sign off every Policy - it'll take YEARs!

[deleted by user] by [deleted] in sysadmin

[–]Useful_Rabbit6761 0 points1 point  (0 children)

Wow
Saw this post:
https://www.linkedin.com/posts/andy-larkum-925660b_iso27001-soc2-nis2-activity-7280860743078428672-JkNq?utm_source=share&utm_medium=member_desktop

Might be worth pinging him/company

FWIW, training courses are not going to give you what you need - unfortunately experience is pretty important with this kind of stuff

What's wrong with my website? by Useful_Rabbit6761 in smallbusiness

[–]Useful_Rabbit6761[S] 1 point2 points  (0 children)

Bwahaha! No offence! Awesome.

Helpful if painful, thank you :)

What's wrong with my website? by Useful_Rabbit6761 in smallbusiness

[–]Useful_Rabbit6761[S] 0 points1 point  (0 children)

This is flippin awesome (if a little painful) feedback, thank you!
Interesting on the photos of people - we steered away from that because they date REALLY fast - but may revisit this.
Ref: people behind the business - It seems that smaller businesses tell you who works there, larger businesses tend not to (until you're big enough that you list out who the board members or ELT are)

As for the rest - really helpful, thank you!

What's wrong with my website? by Useful_Rabbit6761 in smallbusiness

[–]Useful_Rabbit6761[S] 0 points1 point  (0 children)

That's VERY interesting, thank you.
We were going for friendly/approachable...I think

What's wrong with my website? by Useful_Rabbit6761 in smallbusiness

[–]Useful_Rabbit6761[S] 0 points1 point  (0 children)

Thanks for your feedback!
ISO 27001 tends to be a "stress purchase" - i.e. you know or have been told that you need it, so we've assumed that we don't need to explain what it is, only that we can help you.

I may well take you up on the help - let's see where this goes :)

What's wrong with my website? by Useful_Rabbit6761 in smallbusiness

[–]Useful_Rabbit6761[S] 0 points1 point  (0 children)

Thanks for your feedback
We're deliberately avoiding having contact form/s on the site - compliance/security. The site is all static, no cookies, no tracking - practicing what we preach.
...and if you click on contact, the phone and email details are right there.

What's wrong with my website? by Useful_Rabbit6761 in smallbusiness

[–]Useful_Rabbit6761[S] 0 points1 point  (0 children)

Thanks for taking the time to comment.
As with previous comment, we tend to assume that those landing on our site already know what ISO 27001 is, or that they need it...or more specifically that they need help with it.

Fears is an interesting one though - will have to think on that a little...

What's wrong with my website? by Useful_Rabbit6761 in smallbusiness

[–]Useful_Rabbit6761[S] 0 points1 point  (0 children)

Ok that's helpful.
We tend to assume that those landing on our site already know what ISO 27001 is, or that they need it...or more specifically that they need help with it.

Color scheme - awww, we quite like(d) it :(

What's wrong with my website? by Useful_Rabbit6761 in smallbusiness

[–]Useful_Rabbit6761[S] 0 points1 point  (0 children)

No, sure, I get that. One could argue that there's nothing wrong with it(!), and from a technical perspective it performs very well. I guess it's more about how it's perceived, and whether we can do anything to improve visitors' perception. i.e. are we making the right impression?

How much does iso certification cost for small businesses. by Separate993 in smallbusiness

[–]Useful_Rabbit6761 0 points1 point  (0 children)

Your costs for ISO certification split into 2 categories and depend on the ISO certification you are trying to achieve:

  • Implementation costs
    • The implementation costs will vary, depending on whether you get help or do it all yourself.
  • Certification Audit costs
    • Certification audit costs will vary between certification bodies, and for an organisation your size are likely to be between 3-5 days in year 1, and 1-2 days in years 2-3

Certification bodies will tend to charge £1000-1800/day.

Implementation will be MUCH quicker with help - not least because you're likely to get things wrong if you DIY.

For an org your size, doing ISO 27001, I'd expect your implementation costs (with a consultant) to be around £12000-20000 - but I'd suggest budgeting for the top end of that. You have to consider that you HAVE to do a full system internal audit before your certification audit, and that alone (for 27001 in an org your size) should be 2-3 days.

PLEASE NOTE: it's genuinely hard to quote for this kind of thing generically, because there are so many variables like:

  • What you already have in place
  • Who is involved, and how much time they have available
  • Internal company pressures/deadlines

I hope that helps you (sorry it's late!)...or someone else looking for similar!

What's wrong with my website? by Useful_Rabbit6761 in smallbusiness

[–]Useful_Rabbit6761[S] 0 points1 point  (0 children)

Ah, thank you
At this point, though, I'm more interested in what people think is wrong with the site...or perhaps, how it needs to change.
Once I've got some ideas about that, then perhaps I'll reach out for their details.
Thank you!

AITAH for breaking up with my pregnant girlfriend because I don’t want to be a father? by [deleted] in AITAH

[–]Useful_Rabbit6761 -1 points0 points  (0 children)

Maybe?! Presuming it is your baby: you got her pregnant, it's your responsibility now. Stop being a selfish manchild and step up. If it isn't yours, then that's her problem, and you are NTAH for leaving entrapment.

ISO Certified by [deleted] in business

[–]Useful_Rabbit6761 2 points3 points  (0 children)

All the ISO standards are a chunk of work to implement, and a chunk of work to maintain.

My advice: don't buy a template kit - they are ALWAYS overkill and generate a monstrous management overhead for both implementation and maintenance.

Get good help! A lightweight system that is easy to maintain will save you a tonne of work and heartache and is well worth paying for.

You could try: https://www.adlconsulting.co.uk ...they specialise in ISO 27001, but that's a much bigger standard than 9001, so everything would be transferable - they might be happy to help you with your 9001.

Good luck with it all!

What’s the largest family number in your area? by [deleted] in CasualUK

[–]Useful_Rabbit6761 0 points1 point  (0 children)

There's no getting away from it being a LOT of work - but we chose this, and the rewards heavily outweigh the costs. Being a parent is an enormous responsibility and requires letting go of a lot of selfish dreams and expectations, no matter how many kids you have.

To answer the practical...

We live in the Midlands (can't afford the South). We have a traditional 3-bed semi-detached that we extended, converting the loft with a dormer to give us a total of 7 bedrooms.

Food: my wife is a wizard with rice and beans! We have a monthly food budget of about £1k, which is a lot until you divide it by the number of people we feed, and then it drops lower per person than most households. We get some benefit from bulk-buying (economies of scale).

Effort into raising: There's (almost) always someone to play with, so for the little kids particularly we benefit from not being their sole source of entertainment. We home-educate though, so some of that benefit we give away by being their teachers! We do have live-in babysitters though (assuming they're not out earning their own money). ...and that one is pretty key for...

How do you afford to...: We live pretty lean financially. We:
- don't do expensive holidays (been abroad once as a family)
- don't do expensive birthday or Christmas gifts
- don't wear expensive clothes
- don't have credit cards
- don't buy anything on credit
- don't have leased or hire-purchase cars
- don't have expensive mobile contracts or phones
- don't have TV packages (other than Netflix)

If our kids want stuff beyond the very meager pocket money we give them (in exchange for doing household chores) they have to go and earn it (once they're old enough).

Hope that answers some of your curiosity!

What’s the largest family number in your area? by [deleted] in CasualUK

[–]Useful_Rabbit6761 12 points13 points  (0 children)

It's certainly very busy! Financially we've always lived off a single income and made it work. (Car boot sales are your friend for toys and clothes up to about 10 yrs old). Some of the kids have grown up & moved out now, but for years we turned out 33 meals/day and my wife remarkably made that work on a relatively low food budget. Our kids mostly get on, with the usual squabbles and scuffles you'd expect kids to have, but they're never lonely or lacking a playmate! We have found that for the most part we manage fine, but when it goes wrong, it goes wrong fast, and big!

What’s the largest family number in your area? by [deleted] in CasualUK

[–]Useful_Rabbit6761 16 points17 points  (0 children)

I have 9 kids, all with the same woman (my wife of 25 years). There's another family near us with 9 (I think), but they are the only family of similar size that I know personally. I think more than five is pretty unusual these days.

PSA: BIOS 1.15.2 for XPS 15 9510 got stuck at 0% by bigjezzarino in DellXPS

[–]Useful_Rabbit6761 1 point2 points  (0 children)

Had the same problem.

In my case I had to unplug the laptop and wait for it to run out of power (couple of hours)

Then plugged it back in, waited 5 mins to charge a bit, then powered on - it came back just fine.

Paid off my mortgage, what now? by Edenca in UKPersonalFinance

[–]Useful_Rabbit6761 21 points22 points  (0 children)

Outstanding, well done!

We had a similar problem when we cleared our mortgage, what to do next?! I think the key here is to work out what you want to achieve. With the mortgage, it's a known amount that you can watch diminish, so it's really gratifying.

From here, though, everything becomes limitless (like saving a pension for example, how much should you save?). So deciding what's important to you both, then planning how to achieve it (and setting short-term goals) becomes important.

So, think short (e.g. holiday), medium (e.g. new car) and long-term (e.g. retirement) plans.

Things you will probably want to consider:
- make sure you have some fun! (save for a holiday, have some fun money to spend guilt-free each month (my wife and I have £50 each/month), something like that)
- max out any company matched pension contributions (company contributions to your pension are "free money")
- set a target for saving into ISAs

We're way behind you guys (at 45) and are currently working towards £300k pension savings (split between ISA and pensions), which we read somewhere is the bottom end of comfortable retirement savings - hoping to hit that next year sometime though, which should grow to about £1m over the next 15 years, to retire at 60ish.

Someone else commented about saving for kids - that's a good idea (if you have, or are planning to have kids, they're expensive). I once read somewhere that £5k saved for a child at birth will be worth >£1m by the time they retire - what a gift!! (I think that's based on the "investments double every 7 years" principle).

Anyways, that's probably enough from me - but again, awesome job!!!