Effective information security is a necessity for any organisation to achieve its goals whilst providing assurance to its stakeholders, partners and customers. With the GDPR coming into effect in 2018, now is the time to prepare; ISO/IEC 27001 and Cyber Essentials are valuable stepping stones towards meeting its requirements.