Being aligned to an industry standard for information security adds value and can help ensure a good reputation. Cyber Essentials represents the government baseline standard.
Any good information security programme relies on overarching content which ensures the details of a very broad subject are considered fully. Business continuity and disaster recovery are the mechanisms applied to minimise the impact of an outage. Asset management determines how the organisation protects objects of value and sensitive content from theft, unauthorised access, or damage. Data retention focuses on how sensitive information is controlled throughout its lifecycle.
The physical site of the organisation can contain sensitive and valuable assets which need protecting. Discouraging theft and unauthorised access is a foundation of good information security. Acceptable use considers how employees use technology and information, providing guidance on the use of assets and information.
Having contractual agreements is good practice and a necessity when dealing with any volume of customer information. Regular vulnerability scanning is also a worthwhile endeavour to protect the business.