Whilst it is seemingly impossible to cover all the bases we have a primary duty of care to :
- Identify risks – treat or mitigate
- Demonstrate that security is taken seriously
- Constantly improve
- Audit - brainstorm, scan or look for issues.
- Action - take immediate action, schedule next action.
- Assess - monitor effectiveness. Can anything be done better ?
- Account - document all the above to form an incident record.