• Services
    Business Transformation

    Business Transformation

    We analyse your business and processes to help you implement the right technologies, making best use of your existing investments.
    Learn more
    IT Support & Services

    IT Support & Services

    We offer a range of IT Support and Services to a diverse client base, with varied requirements.
    Learn more
    Security & Governance

    Security & Governance

    Effective Information Governance and Security underpins our approach to Regulatory and Compliance requirements.
    Learn more
    Cloud & Managed Services

    Cloud & Managed Services

    We offer a range or cloud and managed services to partially or completely manage and control a client’s cloud platform, including migration, maintenance and optimisation.
    Learn more
    Consultancy & Training

    Consultancy & Training

    We provide a range of consultancy services to help clients assess different technology strategies and, in doing so, align their technology strategies with their business or process goals.
    Learn more
  • About us
    The Team

    The Team

    Our team of personnel have many decades of experience between them in both public and private sector IT environments.
    Learn more
    Careers

    Careers

    We are continuously looking for technical experts who have a positive attitude to join us.
    Learn more
    CSR

    CSR

    We encourage and support our people to give something back to their local communities.
    Learn more
    ESG

    ESG

    Our ESG approach
    Learn more
    History

    History

    Clarity Limited was founded in 2022
    Learn more
  • Case studies
  • News & Insights
  • Contact

What the GFSC Cyber Security Rules and Guidance 2021 mean for your business.

Cyber Security
27 April 2022

The Guidance issued states that all Guernsey licensed institutions are required to have robust policies, procedures and controls in place to identify, assess and manage cyber security risks on an ongoing basis consistent with the minimum licensing requirements.

 

Guernsey Financial Services Commission

The five core principles (Identify, Protect, Detect, Respond & Recover) that the GFSC outlines are most often associated with the NIST* framework but ISO 27001 and the IASME Governance Standard** are broadly equivalent.

Many companies in Guernsey and Jersey now have Cyber Essential accreditation, which assures compliance with many of the technical elements required by the GFSC, but as they correctly state, this certification will not result in full compliance.

The goals of NIST, ISO 27001 and IASME Governance are the same, with the emphasis on identifying, evaluating and managing the acceptable risks to information systems. All three frameworks require an Information Security Management System (ISMS).

The GFSC state that “accreditation alone is unlikely to result in full compliance” and from a technical perspective they are correct. Robust Cyber Security requires an ISMS built on three pillars: people, processes and technology. An ISMS developed in accordance with the IASME Governance Standard and which also incorporates technical controls can and will demonstrate compliance to the Cyber Security Rules published by the GFSC.

The new requirements are extensive and far-reaching and it would be no exaggeration to say that many, or most, licensed institutions do not comply with the new Cyber Security rules.

Cyber Security Rules, 2021
Cyber Rules and Guidance, 2021

How can Clarity help?

We can help your business by undertaking Cyber Essentials Plus audits, or simply providing consultation based on both the Cyber Essentials Plus or IASME Governance standards by our IASME accredited personnel.

We can help you develop an ISMS and in doing so you will be able to clearly demonstrate compliance with the requirements of the newly released Cyber Security Rules by gaining the IASME Governance Standard.

*National Institute of Standards and Technology – part of the United States Department of Commerce.

** The IASME Governance standard was developed over several years during a UK Government funded project to create a cyber-security standard which would be an affordable and achievable alternative to the international standard, ISO 27001.

  • Get in touch

    Contact Grant Hamilton on 01481 701234.

    See how Clarity can provide certification, or consultation, to your business around the recently released Cyber Security Rules, 2021.

More news