ITIL^(R) 4 is the latest evolution of the leading best-practice framework for ITSM (IT service management). It has been significantly updated from ITIL v3 and addresses new ITSM challenges, includes new technologies and incorporates new ways of working.

ITIL^(R) Foundation Essentials ITIL 4 Edition is the ultimate revision guide for candidates preparing for the ITIL 4 Foundation exam. It is fully aligned with the Foundation course syllabus and gives a clear and concise overview of the facts.

Whether you are taking an ITIL 4 Foundation training course or are a self-study candidate, new to the framework or looking to upgrade your ITIL 2011 certification, this guide is the essential companion. It:

This second edition has been updated to align with amendments to the ITIL^(R) 4 Foundation syllabus, including:

Start preparing for your ITIL Foundation exam - order your copy today.

ITIL(R) is a registered trade mark of the PeopleCert group. Used under licence from PeopleCert. All rights reserved.

This pocket guide serves as an introduction to the National Institute of Standards and Technology (NIST) and to its Cybersecurity Framework (CSF). This is a US focused product.

Now more than ever, organizations need to have a strong and flexible cybersecurity strategy in place in order to both protect themselves and be able to continue business in the event of a successful attack.

The NIST CSF is a framework for organizations to manage and mitigate cybersecurity risk based on existing standards, guidelines, and practices.

With this pocket guide you can:

• Adapt the CSF for organizations of any size to implement
• Establish an entirely new cybersecurity program, improve an existing one, or simply provide an opportunity to review your cybersecurity practices
• Break down the CSF and understand how other frameworks, such as ISO 27001 and ISO 22301, can integrate into your cybersecurity framework

By implementing the CSF in accordance with their needs, organizations can manage cybersecurity risks in the most cost-effective way possible, maximizing the return on investment in the organization's security. This pocket guide also aims to help you take a structured, sensible, risk-based approach to cybersecurity.

ITIL(R) 4 Direct, Plan and Improve

If you've achieved your ITIL(R) 4 Foundation certificate, you're probably planning the next stage in your ITIL journey and which qualification to work towards. DPI provides essential knowledge and capabilities for service management professionals, supporting those involved in directing or planning based on strategy and continual improvement - a must-have skillset practitioners should seek beyond Foundation level.

DPI is the only one of the ITIL 4 advanced level courses that leads to both Managing Professional (MP) and Strategic Leader (SL) status. The module is aimed at managers and aspiring managers at all levels, providing them with the practical skills needed to improve themselves and their organisation by way of effective strategic direction and delivering continual improvement.

An excellent supplement to any training course

ITIL(R) 4 Direct, Plan and Improve (DPI) - Your companion to the ITIL 4 Managing Professional and Strategic Leader DPI certification is a study guide designed to help students pass the ITIL(R) 4 Direct, Plan and Improve module.

The majority of this book is based on the AXELOS ITIL(R) 4: Direct, Plan and Improve publication and the associated DPI Strategist syllabus. It provides students with the information they need to pass the DPI exam, and help them become a successful practitioner.

Suitable for existing ITIL v3 experts, ITIL 4 Managing Professional (MP) students, ITIL 4 Strategic Leader (SL) students, ITSM (IT service management) practitioners who are adopting ITIL 4, approved training organisations, IT service managers, IT managers and those in IT support roles, the book covers:

Key concepts;

Scope, key principles and methods;

The role of governance, risk and compliance;

Continual improvement;

Organisational change management;

Measurement and reporting;

Value streams and practices; and

Exam preparation.

A useful tool throughout your career

In addition to being an essential study aid, the author -- a seasoned ITSM professional -- also provides additional guidance throughout the book which you can lean on once your training and exam are over. The book includes her own practical experience from which she gives advice and points to think about along the way so that you can refer back to this book for years to come - long after you've passed your exam.

The essential link between your ITIL qualification and the real world - buy this book today!

ITIL(R) is a registered trade mark of AXELOS Limited. All rights reserved. This book is an official AXELOS licensed product.

About the author

Claire Agutter is a service management trainer, consultant and author. In 2020, she was one of Computer Weekly's Top 50 Most Influential Women in Tech. In 2018 and 2019 she was recognised as an HDI Top 25 Thought Leader and was part of the team that won itSMF UK's 2017 Thought Leadership Award.

Claire provides regular, free content to the ITSM community as the host of the popular ITSM Crowd hangouts, and is the chief architect for VeriSM(TM), the service management approach for the digital age. She is the director of ITSM Zone, which provides online ITSM training, and Scopism, a content and consulting organisation and the publisher of the SIAM Body of Knowledge.

The official guide for the EXIN SIAM(TM) Professional certification

SIAM (service integration and management) is an evolution of how to apply a framework for integrated service management across multiple service providers. It has developed as organizations have moved away from outsourced contracts with a single supplier to an environment with multiple service providers.

SIAM supports cross-functional, cross-process and cross-provider integration. It creates an environment where all parties:

• Know their role, responsibilities and context in the ecosystem
• Are empowered to deliver
• Are held accountable for the outcomes they are required to deliver

Service Integration and Management (SIAM(TM)) Professional Body of Knowledge (BoK), Second edition has been updated to reflect changes to the market and is the official guide for the EXIN SIAM(TM) Professional certification. This book will help candidates pass their Professional certification and expands upon the topics introduced in Service Integration and Management (SIAM(TM)) Foundation Body of Knowledge (BoK), Second edition.

The book will appeal to:

• Anyone wishing to build on their foundation-level knowledge of SIAM and achieve the SIAM(TM) Professional certification
• Customer organizations and their staff looking for guidance when managing a multi-service provider environment
• Service integrators and their staff wishing to work in a SIAM ecosystem effectively
• Internal and external service providers and their staff wishing to understand their role in a SIAM ecosystem
• Consultants in service management and other frameworks who wish to expand their knowledge

Prepare for your SIAM(TM) Professional exam and understand how SIAM can benefit your organization!

ITIL^(R) 4 Create, Deliver and Support

If you've achieved your ITIL^(R) 4 Foundation certificate, you're probably planning the next stage in your ITIL journey and which qualification to work towards. ITIL 4 Create, Deliver and Support (CDS) provides essential knowledge and capabilities for service management professionals, focusing on a value stream based approach to IT-enabled products and services - a must-have skillset practitioners should seek beyond Foundation level.

The majority of this book is based on the official AXELOS ITIL^(R) 4: Create, Deliver and Support publication and the associated Create, Deliver and Support Managing Professional syllabus. It provides students with the information they need to pass the Create, Deliver and Support exam, and help them become a successful practitioner.

Suitable for existing ITIL v3 experts, ITIL 4 Managing Professional (MP) students, ITSM (IT service management) practitioners who are adopting ITIL 4, approved training organisations, IT service managers, IT managers and those in IT support roles.

The guide focuses on:

• Service value system key concepts and challenges;
• Using a shift-left approach;
• Planning and managing resources in the service value system;
• The use and value of technology across the service value system;
• ITIL practices and value streams for new services and user support;
• How to create, deliver and support services; and
• Exam preparation.

A useful tool throughout your career

In addition to being an essential study aid, the author - a seasoned ITSM professional - also provides additional guidance throughout the book which you can lean on once your training and exam are over. The book includes her own practical experience from which she gives advice and points to think about along the way so that you can refer back to this book for years to come - long after you've passed your exam.

The essential link between your ITIL qualification and the real world - buy this book today!

ITIL(R) is a registered trade mark of the PeopleCert group. Used under licence from PeopleCert. All rights reserved.

ITIL^(R) 4 High-velocity IT

If you've achieved your ITIL^(R) 4 Foundation certificate, you're probably planning the next stage in your ITIL journey and which qualification to work towards. ITIL 4 High-velocity IT (HVIT) provides essential knowledge and capabilities for service management professionals, supporting those involved in the delivery of digital products and services and anyone working on digital transformation programs.

High-velocity IT is one of the ITIL 4 advanced level modules that leads to the MP (Managing Professional) certification. The module is aimed at professionals who are working in fast-paced environments, including adapting service management to work with Lean, Agile and DevOps.

The majority of this book is based on the official AXELOS ITIL^(R) 4: High-velocity IT publication and the associated High-velocity IT Managing Professional syllabus. It provides students with the information they need to pass the High-velocity IT exam, and help them become a successful practitioner.

Suitable for existing ITIL v3 experts, ITIL 4 MP students, ITSM (IT service management) practitioners who are adopting ITIL 4, approved training organisations, IT service managers, IT managers and those in IT support roles.

The guide focuses on:

• Digital product lifecycle and the ITIL operating model;
• High-velocity key behaviours;
• Principles, models and concepts;
• Ensuring: valuable investments, fast development, resilient operations and assured conformance; and
• Exam preparation.

A useful tool throughout your career

In addition to being an essential study aid, the author - a seasoned ITSM professional - also provides additional guidance throughout the book which you can lean on once your training and exam are over. The book includes her own practical experience from which she gives advice and points to think about along the way so that you can refer back to this book for years to come - long after you've passed your exam.

The essential link between your ITIL qualification and the real world - buy this book today!

ITIL(R) is a registered trade mark of the PeopleCert group. Used under licence from PeopleCert. All rights reserved.

Take the first steps to ISO 14001 certification with this practical overview.

This book provides practical advice on how to achieve compliance with ISO 14001:2015, the international standard for an EMS (environmental management system). With an EMS certified to ISO 14001, you can improve the efficiency of your business operations and fulfil compliance obligations, while reassuring your employees, clients and other stakeholders that you are monitoring your environmental impact.

This easy-to-follow guide takes a step-by-step approach, and provides many sample documents to help you understand how to record and monitor your organisation's EMS processes.

Ideal for compliance managers, IT and general managers, environmental officers, auditors and trainers, this book will provide you with:

• The confidence to plan and design an EMS. Detailed descriptions of the ISO 14001:2015 requirements will give you a clear understanding of the standard, even if you lack specialist knowledge or previous experience;
• Guidance to build stakeholder support for your EMS. Information on why it is important for an organisation to have an environmental policy, and a sample communications procedure will help you to raise awareness of the benefits of implementing an EMS; and
• Advice on how to become an ISO 14001-certified organisation. The book takes a step-by-step approach to implementing an 1SO 14001-compliant EMS.

Key features:

• A concise summary of the ISO 14001:2015 requirements and how you can meet them.
• An overview of the documentation needed to achieve ISO 14001:2015 accreditation.
• Sample documents to help you understand how to record and monitor your organisation's environmental management processes.

New for the second edition:

• Updated for ISO 14001:2015, including terms, definitions and references;
• Revised approach to take into account requirements to address risks and opportunities.

Your practical guide to implementing an EMS that complies with ISO 14001:2015 - buy this book today to get the help and guidance you need

Military doctrine of The People's Republic of China (PRC) envisages war being waged in five spheres: land, sea, air, outer space and cyberspace. The PRC believes that the early degradation, or destruction, of an enemy's command and control infrastructure will significantly improve its chances of ultimate victory. But the Chinese 21st century approach to cyberwarfare is both more sophisticated and comprehensive than that. This book examines the military background to today's doctrines, and explores how the teachings of Sun Tzu (The Art of War), the Thirty-Six Principles from the Warring States era and the hard-learnt lessons of Mao's Long March infuse and support the modern state's approach to engaging with enemies and rivals. Chinese cyberwarriors, operating from behind the Great Firewall of China, have substantial campaign experience, and this book reviews operations from Titan Rain - sustained multi-year cyberattacks against the US that started in 2003 - to the most recent, ShadyRAT. This book also reviews the contributions made to the overall Chinese cyberstrategy by civilian hackers and state-owned enterprises and looks at how Advanced Persistent Threats already undermine many of China's rival states and enterprises. China's rivals lack a coherent cyberstrategy of their own. They also do not understand the complex cultural, political and historical routes of the modern Chinese state and this is a significant weakness. This book helps everyone with an interest in cybersecurity to 'know their enemy'. William Hagestad II is an internationally-recognized expert on the Chinese People's Liberation Army & Government information warfare. He advises international intelligence organizations, military flag officers and multi-national commercial enterprises with regard to their internal IT security governance and external security policies. The linguistic, historical, cultural, economic and military aspects of Chinese cyberwarfare are his forte.

Written by an acknowledged expert on the ISO 27001 Standard, ISO 27001:2022 - An Introduction to Information Security and the ISMS standard is an ideal primer for anyone implementing an ISMS aligned to ISO 27001:2022. The guide is a must-have resource giving a clear, concise and easy-to-read introduction to information security.

Prepare for your SIAM(TM) Foundation exam and understand how SIAM can benefit your organization!

SIAM (service integration and management) is an evolution of how to apply a framework for integrated service management across multiple service providers. It has developed as organizations have moved away from outsourced contracts with a single supplier to an environment with multiple service providers.

SIAM supports cross-functional, cross-process and cross-provider integration. It creates an environment where all parties:

• Know their role, responsibilities and context in the ecosystem
• Are empowered to deliver
• Are held accountable for the outcomes they are required to deliver

Service Integration and Management (SIAM(TM)) Foundation Body of Knowledge (BoK), Second edition has been updated to reflect changes to the market and is the official guide for the EXIN SIAM(TM) Foundation certification. This book will help candidates pass their Foundation certification, as well as serve as a useful reference guide once they are implementing SIAM practices.

Suitable for anyone working in ITSM (IT service management), IT, service integration and project management, the book introduces the EXIN SIAM(TM) Foundation syllabus and provides essential reading for the Foundation exam. It also offers a detailed introduction to the SIAM methodology for those who do not want to undertake formal certification.

Safeguard your organisation's future with business continuity management

Business continuity - planning for, protecting against and ensuring recovery from disruptive events - is more important than ever.

In an increasingly volatile world - exemplified by the COVID-19 pandemic - organisations are looking at business continuity from a fresh perspective. The illusion of business as a rampart against which the waves of the world break harmlessly is shattered; it is no longer possible to pretend that an organisation can weather all storms equally, or that the limited contingencies organisations develop are sufficient to protect them.

As a result, more and more organisations are looking to ISO 22301 - the international standard that defines the requirements for a BCMS - to safeguard their future.

ISO 22301 requirements and business continuity best practice

ISO 22301:2019 and Business Continuity Management - Understand how to plan, implement and enhance a business continuity management system (BCMS) walks you through the requirements of ISO 22301:2019, explaining what they mean and how your organisation can achieve compliance. Whether you are seeking certification against the Standard or are simply looking to benefit from business continuity concepts and practices without developing a formal system, this book contains all you need to know.

It is an essential companion guide for those working in business continuity who are looking to introduce or optimise a BCMS aligned with ISO 22301.

The book provides a comprehensive introduction to business continuity best practice, including:

• Using ISO 22301
• Context, interested parties and scope
• Leadership, policy and responsibilities
• Planning
• Support
• Operation
• Business continuity strategies and solutions
• Business continuity plans and procedures
• Performance evaluation
• Improvement
• Certification

Suitable for business continuity managers, risk managers, compliance officers, senior managers, operations managers, project managers and consultants, this practical guide to ISO 22301 will show you how to develop and implement a BCMS so you can minimise the impact of a disaster on your business and continue to provide essential services to your customers, while reassuring all stakeholders that you take business continuity best practice seriously.

Minimise the impact of a disaster on your business with ISO 22301 - buy this book

ITIL(R) 4 Drive Stakeholder Value (DSV)If you've achieved your ITIL 4 Foundation certificate, you're probably planning the next stage in your ITIL journey and deciding which qualification to work towards. ITIL 4 DSV provides essential knowledge and capabilities for service management professionals, focusing on the engagements between a service provider and its customers, users, suppliers and partners, and how demand is converted into value via IT-enabled services.DSV is one of the ITIL 4 advanced level modules that leads to the MP (Managing Professional) certification. The module is aimed at managers and aspiring managers at all levels, providing them with the practical skills to build effective relationships across the SVS.An excellent supplement to any ITIL 4 DSV training courseThe majority of this book is based on the official AXELOS ITIL(R) 4: Drive Stakeholder Value publication and the associated Drive Stakeholder Value Managing Professional syllabus. It provides students with the information they need to pass the DSV exam, and help them become a successful practitioner.This book is suitable for ITIL v3 Experts, ITIL 4 MP students, ITSM (IT service management) practitioners who are adopting ITIL 4, approved training organisations, IT service managers, IT managers and those in IT support roles.The guide focuses on: The customer journey;Fostering stakeholder relationships;How to: shape demand and define service offerings, and align expectations and agree service details;Onboarding and offboarding;Continual value co-creation;Realising and validating service value; andExam preparation.A useful tool throughout your careerIn addition to being an essential study aid, the author -- a seasoned ITSM professional -- also provides additional guidance throughout the book, which you can lean on once your training and exam are over. The book includes her own practical experience, from which she gives advice, and points to think about along the way, so that you can refer back to this book for years to come - long after you've passed your exam.ITIL(R) is a registered trade mark of AXELOS Limited. All rights reserved. This book is an official AXELOS licensed product.

In the world as we know it, you can be attacked both physically and virtually. For today's organisations, which rely so heavily on technology - particularly the Internet - to do business, the latter is the far more threatening of the two. The cyber threat landscape is complex and constantly changing. For every vulnerability fixed, another pops up, ripe for exploitation.

This book is a comprehensive cyber security implementation manual which gives practical guidance on the individual activities identified in the IT Governance Cyber Resilience Framework (CRF) that can help organisations become cyber resilient and combat the cyber threat landscape.

Suitable for senior directors (CEO, CISO, CIO), compliance managers, privacy managers, IT managers, security analysts and others, the book is divided into six parts:

Part 1: Introduction. The world of cyber security and the approach taken in this book.

Part 2: Threats and vulnerabilities. A discussion of a range of threats organisations face, organised by threat category, to help you understand what you are defending yourself against before you start thinking about your actual defences.

Part 3: The CRF processes. Detailed discussions of each of the 24 CRF processes, explaining a wide range of security areas by process category and offering guidance on how to implement each.

Part 4: Eight steps to implementing cyber security. Our eight-step approach to implementing the cyber security processes you need and maintaining them.

Part 5: Reference frameworks. An explanation of how standards and frameworks work, along with their benefits. It also presents ten framework options, introducing you to some of the best-known standards and giving you an idea of the range available.

Part 6: Conclusion and appendices. The appendices include a glossary of all the acronyms and abbreviations used in this book.

Whether you are just starting out on the road to cyber security or looking to enhance and improve your existing cyber resilience programme, it should be clear that cyber security is no longer optional in today's information age; it is an essential component of business success.

Make sure you understand the threats and vulnerabilities your organisation faces and how the Cyber Resilience Framework can help you tackle them. Start your journey to cyber security now - buy this book today!

Understand your GDPR obligations and prioritise the steps you need to take to comply

The GDPR gives individuals significant rights over how their personal information is collected and processed, and places a range of obligations on organisations to be more accountable for data protection.

The Regulation applies to all data controllers and processors that handle EU residents' personal information. It supersedes the 1995 EU Data Protection Directive and all EU member states' national laws that are based on it - including the UK's DPA (Data Protection Act) 1998.

Failure to comply with the Regulation could result in fines of up to 20 million or 4% of annual global turnover - whichever is greater. This guide is a perfect companion for anyone managing a GDPR compliance project. It provides a detailed commentary on the Regulation, explains the changes you need to make to your data protection and information security regimes, and tells you exactly what you need to do to avoid severe financial penalties.

Clear and comprehensive guidance to simplify your GDPR compliance project

Now in its fourth edition, EU General Data Protection Regulation (GDPR) - An implementation and compliance guide provides clear and comprehensive guidance on the GDPR. It explains the Regulation and sets out the obligations of data processors and controllers in terms you can understand.

Topics covered include:

• The DPO (data protection officer) role, including whether you need one and what they should do;
• Risk management and DPIAs (data protection impact assessments), including how, when and why to conduct one;
• Data subjects' rights, including consent and the withdrawal of consent, DSARs (data subject access requests) and how to handle them, and data controllers and processors' obligations;
• Managing personal data internationally, including updated guidance following the Schrems II ruling;
• How to adjust your data protection processes to comply with the GDPR, and the best way of demonstrating that compliance; and
• A full index of the Regulation to help you find the articles and stipulations relevant to your organisation.

Supplemental material

While most of the EU GDPR's requirements are broadly unchanged in the UK GDPR, the context is quite different and will have knock-on effects. You may need to update contracts regarding EU-UK data transfers, incorporate standard contractual clauses into existing agreements, and update your policies, processes and procedural documentation as a result of these changes.

We have published a supplement that sets out specific extra or amended information for this pocket guide. Click here to download the supplement.

About the authors

The IT Governance Privacy Team, led by Alan Calder, has substantial experience in privacy, data protection, compliance and information security. This practical experience, their understanding of the background and drivers for the GDPR, and the input of expert consultants and trainers are combined in this must-have guide to GDPR compliance.

Start your compliance journey now and buy this book today.

An IT service desk is the first point of contact between users and an IT organisation. A service desk is a one-stop destination for enquiries, requests and reporting issues, ensuring continuing use of IT services without disruption. They have become intrinsic in modern organisations.

A service desk makes prioritising and responding to customer enquiries much more efficient, saving time and money. More and more organisations are understanding that customer satisfaction is key to developing their business.

The Service Desk Handbook - A guide to service desk implementation, management and support provides operational guidance for implementing, managing and supporting service desks in the enterprise. It will help service desk teams in adopting ITIL^(R) to accomplish their tasks while making the necessary adaptations as per their organisation's needs.

Suitable for service desk agents, supervisors and managers, as well as project managers and senior management looking to revise processes, this book will help readers get a service desk unit off the ground and act as a key reference guide once the service desk has been implemented.

Topics covered include:

• Planning for a service desk;
• Telephony and tooling;
• The service desk team;
• Documentation;
• Performance measures; and
• Technology considerations - artificial intelligence and platforms and tools.

Successful cyberattacks can damage your organisation, no matter who is behind them The goals of the cyberterrorist, the cybercriminal, the cyberactivist and the state-sponsored hacker may not be the same - but the outcomes can be equally devastating. Each can cause serious challenges for your organisation, ranging from information theft and disruption of normal operations to loss of reputation or credibility. Cyber security is much more than technology Many books on cybersecurity focus on technical responses to these threats. As important as this is, human fallibility and other known vulnerabilities will still allow hackers to easily break into a system that has not taken account of these factors. CyberWar, CyberTerror, CyberCrime and CyberActivism encourages cybersecurity professionals to take a wider view of what cybersecurity means, and to make the most of international standards and best practices to create a culture of cybersecurity awareness within their organizations that complements their technology-based defences. A cyber aware workforce equals better security This second edition takes a deep look at the changing threats in the cyber landscape, and includes an updated body of knowledge that describes how to acquire, develop, and sustain a secure information environment that goes beyond technology. This enables you to move towards a cyber aware organisational culture that is more robust and better able to deal with a wider range of threats. Related references, as well as recommendations for additional reading, are included at the end of each chapter making this a valuable resource for trainers, researchers and cybersecurity practitioners. Order this book today and see how international standards can boost your cyber defences About the author Dr Julie Mehan is the Founder and President of JEMStone Strategies and a Principal in a strategic consulting firm in the State of Virginia. She has delivered cybersecurity and related privacy services to senior commercial, department of defence and federal government clients working in Italy, Australia, Canada, Belgium, and the United States. Dr Mehan is also an Associate Professor at the University of Maryland University College, specializing in courses in Cybersecurity, Cyberterror, IT in Organizations and Ethics in an Internet Society.

The United States DoD (Department of Defense) is one of the largest employers in the world, with about 2.87 million employees. It spends more than a year among more than 350,000 contractors and subcontractors throughout its supply chain.

Information in the DoD network is shared digitally across the contractor and subcontractor supply chain, offering an irresistible target for nation-states and cyber criminals.

Protecting the DoD supply chain

The CMMC (Cybersecurity Maturity Model Certification) was developed to step up measures for protecting the DoD supply chain. Its objectives are to standardize cybersecurity controls and ensure that effective measures are in place to protect CUI (Controlled Unclassified Information) on contractor systems and networks.

All companies doing business with the DoD, including subcontractors, must become certified by an independent third-party commercial certification organization.

Your essential guide to understanding the CMMC

To help you get to grips with the CMMC, this essential pocket guide covers:

• What the CMMC is and why it has been introduced
• Who needs to comply with the CMMC
• The implementation process
• The road to certification
• CMMC implications for firms doing business with the US government

Suitable for senior management and the C-suite, general or legal counsel, IT executives, IT organizations, and IT and security students, this pocket guide will give you a solid introduction to the CMMC and its requirements.

This book is about cyber security. In Part 1, the author discusses his thoughts on the cyber security industry and how those that operate within it should approach their role with the mindset of an artist. Part 2 explores the work of Sun Tzu's The Art of War.

An ideal introduction to PCI DSS v4.0.1

Organisations that accept payment cards are prey for criminal hackers trying to steal financial information and commit identity fraud. Many attacks are highly automated, using increasingly sophisticated tools and techniques to search for website and payment card system vulnerabilities remotely. When a vulnerability is discovered, an attack can start - with the management and staff of the target organisation unaware of what is going on.

The PCI DSS exists to ensure that organisations process credit and debit card payments in a way that effectively protects cardholder data.

This guide will help you understand:

• How you can comply with the requirements of the Standard;
• How certification to ISO 27001:2022 can help with PCI DSS implementation;
• PTS (PIN Transaction Security); and
• P2PE (point-to-point encryption).

Get this guide to start your PCI DSS implementation journey today!

Accessible and professional advice on how to implement an ISO14001 environmental management system In the 21st century, business has to take sustainability seriously. As public opinion becomes increasingly concerned about climate change, governments are imposing ever tighter environmental regulations on both industry and the retail sector. By putting in place an environmental management system (EMS), you can ensure you are disposing of your waste in a responsible manner and making the most efficient use of raw materials. This will help you to lower carbon emissions and keep the negative impact of your business on the environment to a minimum. ISO14001 The International Standard The international standard for an EMS is ISO14001. With an EMS certified to ISO14001, you can improve the safety and efficiency of your business operations, and, at the same time, boost customer confidence and reassure your stakeholders. An invaluable step-by-step guide This pocket guide, intended to help you put in place an EMS, is specifically focused on ISO14001. It is designed to enable industry managers, who may be lacking in specialist knowledge, to achieve compliance with the Standard. A step-by-step approach makes the guide easy to follow. The authors, two experienced auditors, are acknowledged experts on environmental management systems, and they have drawn on material from the UK's Environment Agency. The pocket guide will prove invaluable, not only for auditors and trainers, but also for managers across many sectors of industry. Read this guide and learn how to ... -Achieve compliance with ISO14001 Instead of just telling you, in bureaucratic fashion, what is specified under ISO14001, this user-friendly guide looks at the active steps you can take in order to ensure compliance with the Standard. It discusses the factors you need to consider when defining the objectives of the EMS, such as financial viability and available technology, and offers suggestions for measuring and monitoring the effectiveness of your environmental policy. -Manage environmental risks The Deepwater Horizon oil spill is an example of the financial and reputational risks associated with environmental pollution. This pocket guide contains sound advice on the types of operational controls you need to put in place to manage environmental risks and help avoid incidents. -Prepare to deal with an emergency The pocket guide offers suggestions on how to plan for an emergency, such as a spillage or a gas leak, ensuring you have procedures in place to minimise the environmental impact. -Improve the image of your brand Ultimately, organisations aim to operate in a way that shows respect for the environment. Certification to ISO14001 is a recognised measure of that commitment. It is in the interests of your business to be well regarded by the public and, if you use this guide to help secure compliance with ISO14001, you can improve public perception of your organisation. Investing in ISO14001 certification can contribute to enhanced brand equity. Take your organisation step by step towards successful ISO14001 certification Order this pocket guide today