Whilst it is seemingly impossible to cover all the bases we have a primary duty of care to :
- Identify risks – treat or mitigate
- Demonstrate that security is taken seriously
- Constantly improve
- Audit – brainstorm, scan or look for issues.
- Action – take immediate action, schedule next action.
- Assess – monitor effectiveness. Can anything be done better ?
- Account – document all the above to form an incident record.