GDPR:

Beyond Compliance
How RESILIA™can help you
build trust and add value
Contents
01 Introduction 03
02 Personal data and the value of trust 04
03 What is GDPR? 06
04 What is RESILIA? 12
05 How can RESILIA help you prepare for GDPR? 16
06 Conclusion 20
07 What next? 20
08 About the author 21
09 About AXELOS 24
02 I RESILIA and GDPR
Introduction: RESILIA and GDPR
The new European General Data Protection Regulation
(GDPR) comes fully into force on 25 May 2018. If you’ve
only just started to think about this then you need to be
aware there is lots of preparation to do if your organization
is to be ready and fully compliant by then. This White Paper
looks at some of the most prominent issues raised by GDPR,
and shows how utilizing the RESILIA Cyber Resilience
Best Practice guidance and the RESILIA Professional
certification can help you prepare to deal with them.
RESILIA and GDPR I 03
 Personal data and
the value of trust
02
Even if there were no laws about privacy or
an individual’s right for their personal data to
be handled appropriately, there would still be
tension between the desire of ordinary people to
maintain some degree of privacy and the desire
of organizations to access their personal data.
Organizations want this access to enable them
to offer goods and services to customers, to help
them target their offers at the right people, to
manage their staff, to meet legal obligations, and
for many other purposes. Clearly this is not, in
itself, a bad thing. Customers and employees are
generally happy to share some of their personal
data so they can interact with companies more
effectively, and receive and make use of the
goods and services they offer. Consider a very
simple case of someone making an online
purchase. They need to provide their name and
address to the company they are buying from
so the goods can be dispatched and invoiced to
the correct person and address. They may also
be comfortable providing their phone number or
email address in order to receive notifications
regarding the status of their purchase. This is
all private information, but people are happy to
share it because it means they get value that they
would otherwise not receive.
There are many other reasons why a customer
might agree to share their personal data with
an organization. They may want the company
to retain their data to make it easier to buy
goods and services in the future, to receive
regular marketing information, or to make use
04 I RESILIA and GDPR
“Customers and employees are generally happy
to share some of their personal data so they can
interact with companies more effectively, and receive
and make use of the goods and services they offer”
of a forum or channel the company provides
to communicate with their friends or fellow
customers.Equally, there are many reasons
why an organization might wish to retain
personal data about their customers. As we
have seen, some personal data is essential
if they are to deliver goods and services.
Other data enables them to analyze previous
sales and improve their business. They may want
to contact people to tell them about new goods
or services, or to personalize the customer’s
experience of their website. They may simply
need the data to provide a forum or channel
where people can interact with each other.
However, if sharing information leads to a deluge
of unsolicited letters, text messages, phone calls,
or emails offering products they are not interested
in, people will not be happy. It’s even worse
if customers find out that their data has been
shared with third parties without their express
permission, or has been leaked and exploited by
other actors. They may tell everyone they know
to avoid sharing information with the organization
concerned because it can’t be trusted. If this
happens often enough then the reputational
damage can be so severe that the organization
may find it hard to remain in business.
Organizations need people to share their personal
information; people need to trust the organization
before they are happy to share. Such trust can be
hard to build and is easily lost. It takes time and
effort, but the return is increased value for both
the organization and its customers.
RESILIA and GDPR I 05
 What is Dat
a subject Conse
(or oth nt
lawful er
03
GDPR? cc
u rat
e
use)
Sh
ar
in

g
A
e

S ec
-dat
Many governments around the world have
introduced regulations to help protect the way

urity
Up-to
personal data is used. In some countries, like the
USA, there are industry-specific regulations, such as
the Health Insurance Portability and Accountability
Act (HIPAA) which protects personal data about To achieve
health. In other countries, such as those in the GDPR compliance,
European Union, there is a more general right to organizations need
privacy. Until May 2018, each European country

policy
to be familiar
ete
will manage its own data protection laws, although
the laws are all similar as they must conform with with a number of key
the existing EU Data Protection Directive. Compl terms and concepts,

cy
these include:
From May 2018, there will be a single EU-wide

Priva
law (GDPR) that will apply to all EU countries and
all organizations doing business in those countries.
This includes the UK, as ‘the government has
confirmed that the UK’s decision to leave the EU
will not affect the commencement of the GDPR’.
Acc

ss ul
ro la r
ing
ce w f
nd Fai
ou

The objectives of GDPR can be

nt

broadly summarized as follows:

a
ab

y p
ili

• Ask permission
t

• Respect the privacy of the subject

no Brea
tifi ch i g ht re
• Value and respect their data ca t Right R asu
ion r
to data to e
portability

06 I RESILIA and GDPR RESILIA and GDPR I 07

 If data
03
were a car
Some of these concepts are easier to grasp if we imagine that,
instead of discussing the use of someone’s personal data, we are
talking about borrowing their expensive sports car* using consent
as the legal basis for processing.

1 Seek permission to use

Imagine a neighbour with whom you are on friendly terms is in
possession of a luxury sports car that you would love to drive.
Before you borrow the car, you must ask your neighbour for
permission (and, in most circumstances, also arrange insurance
cover). You certainly shouldn’t just take the car and drive off;
that would be illegal, it would almost certainly upset your friend,
and they might even call the police. Asking your neighbour for
permission to borrow the car is an example of gaining consent.
There are circumstances where consent might not be needed,
for example, if your neighbour’s child managed to drive the car
off their driveway into the middle of a busy road then they would
clearly be happy for you to intervene and drive the car back to the
driveway! There are also circumstances where consent might be
implied, rather than explicit. For example, if your neighbour took
the car to be serviced then the garage might not explicitly ask
for permission to carry out a short test drive after the service.
These are examples of consensual use of the vehicle.
Your neighbour would be very upset if they discovered that
the mechanic took the car for a long journey, or used it to take
fare-paying passengers on a trip. That would not be legitimate use.

2 Maintain trust
If you ask your neighbour for permission to borrow their car to go
to the shops then they would not expect you to use it to take your
family on holiday, or allowed someone else to drive it, and they would
be obviously be outraged if you attempted to sell it! Similarly, when
you use someone’s personal data, you must ensure fair and lawful
processing, no abusing or sharing without further consent.

08 I RESILIA and GDPR RESILIA and GDPR I 09

*This car analogy is derived from the article “GDPR In a Nutshell” by Moyn Uddin from https://www.cybercounsel.co.uk/gdpr-in-a-nutshell/
 3 Provide assurance
03 The neighbour will want you to be transparent,
and to let them know exactly what you will use
the car for. You should tell them whether you
plan to take any passengers, and assure them
that you will look after the car. Likewise, if you
want someone’s personal data you need to
provide them with a privacy notice.
4 Protect it while it is in your possession
Your neighbour will expect you to park the car
in a safe place, to lock the door when the car
is unattended, to observe highway laws and
speed limits, and generally to take care of the
car to ensure that it is not stolen or damaged.
Correspondingly, you must provide security for
personal data that has been entrusted to you.
Tell them if something happens
5 data portability (right to obtain and reuse their
If the car does get damaged, or stolen, despite
your having taken reasonable care, then you
shouldn’t return the car without saying anything
and hope the neighbour doesn’t notice.
Your neighbour expects that you will inform
them as soon as possible, and report the theft
or damage to the appropriate authorities.
In the same way, if personal data leaks you
must provide breach notification.
10 I RESILIA and GDPR
6 Keep it in good condition
Your neighbour also expects you to keep the car
clean and roadworthy. If this is a long-term loan
then you should keep the tax, insurance and other
legal documents up-to-date, get the car serviced,
and ensure it remains fit to drive on the roads.
In terms of managing personal data, organizations
are responsible for keeping the data up-to-date,
accurate and complete, and individuals have a
right to rectification (the right to have personal
data rectified if it is inaccurate or incomplete).
7 Remember it’s not yours
When you borrow your neighbour’s car, it still
belongs to your neighbour, and if they rescind
permission to borrow it, you have to give it back.
Moreover, if the neighbour asks you to return the
car ready for them to use it themselves, then
you have to arrange to do so. This may mean
that you have to fill the car with fuel and deliver
it to where the neighbour wants it. In parallel,
any personal data that you store still belongs to
the data subject, the person the data is about,
and is not yours to keep. So, under the GDPR,
the data subject has the right to erasure (right
to be forgotten). They also have the right to
personal data for their own purposes across
different services).
8 Be accountable
If you use your neighbour’s sports car without
permission, or in a way that hasn’t been agreed,
then you may have to pay damages, and you
could even end up in prison. Equivalently, under
GDPR you are accountable for managing personal
data and for what happens to it.
RESILIA and GDPR I 11
 What is “RESILIA guidance shows how an organization can build
a management system which encourages collaboration

RESILIA?
between the people who plan and manage IT services, and
04 the people who plan and manage information security”

Table; RESILIA starts from the ITIL lifecycle to approach the management of
cyber resilience risks. This lifecycle starts with cyber resilience strategy, and
proceeds through design and transition to operation.

RESILIA: Cyber Resilience Best
Practice and the professional
certification which derives from
it will prove extremely helpful
to any organization preparing
for GDPR, as the following
section of this paper will
illustrate. However, to appreciate
how RESILIA can help your
organization achieve these goals,
we will begin by providing a brief
explanation of what RESILIA is.
As the name suggests, RESILIA: RESILIA describes how an organization can might have been a minor embarrassment
Cyber Resilience Best Practice is a body of manage cyber-risk by integrating IT service can turn into a major catastrophe.
best practice that can help an organization to management (ITSM) processes and activities RESILIA encourages organizations to consider
improve its cyber resilience. In particular, RESILIA with the required cyber resilience controls how they will detect breaches when they
guidance shows how an organization can build and activities. This may be done by creating occur, and how they will then respond.
a management system (i.e. the framework of a single joined-up process, or by identifying Planning and investment in controls designed
processes, policies and procedures that allow it to and managing the required interfaces and to prevent breaches should be balanced with
achieve its goals) which encourages collaboration data-sharing between the related planning and investment in controls to
between the people who plan and manage IT processes and controls. mp detect and correct them.
u a l i rove
services, and the people who plan and manage
tin me
information security. In the digital age without such 4.1 n nt 4.1.2
close collaboration between these parts of the The need Co D e si g n People, process
business, meeting the data protection requirements for balance and technology
of GDPR is likely to prove very difficult. One of the main While investment in
organizing ideas security technology to
The most well-known best practice for ITSM is in RESILIA is the protect against cyber
ITIL®, and many organizations have adopted
ideas from ITIL to help them plan, build, and run
concept of balance.
Each organization
Strategy breaches is essential,
investment in people

Ope

ion
IT services. Since RESILIA is based on the ITIL needs to take a and processes is
lifecycle, it is very easy for organizations who balanced approach equally important.

sit
rat
have already adopted ITIL to adopt RESILIA, to all aspects of on Although a major

an
Tr

facilitating collaboration between their ITSM and
information security staff. However, it should be
stressed that organizations which do not use
ITIL-based practices can still harness real value
by adopting RESILIA.
RESILIA starts from the ITIL lifecycle to approach
the management of cyber resilience risks. This
lifecycle starts with cyber resilience strategy,
and proceeds through design and transition
to operation. It also considers continual
improvement of cyber resilience as a core
competence. At each stage of this lifecycle,
i
cyber resilience.
4.1.1
Prevent, detect,
respond and recover
RESILIA recognizes that
it is important to take appropriate
precautions to prevent data breaches, whilst
acknowledging that, however much you invest
in prevention, it is not possible to prevent
every breach. Additionally, if it takes a long
time to detect the breach, and the wrong
recovery actions are attempted, then what
contributor to most security
breaches is employees
unwittingly doing the wrong
thing, simply telling staff that they
are the biggest threat to security, or
pointing fingers at culprits after the fact, will
not change their behaviour. RESILIA emphasizes
the need to bring about and sustain
organizational-wide behavioural change. Rather
than simply relying on the latest security software
it is much better, indeed, essential, to also train
your people to become part of a ‘human firewall’,
preventing, detecting and correcting incidents.

12 I RESILIA and GDPR RESILIA and GDPR I 13

 “A combination of regular training, testing, clear
communication and leadership from the top, tailored to
the needs of particular groups of staff, helps to ensure
that doing the right thing comes naturally to the people
“The most
an organization depends on to protect its critical assets”
well-known
A combination of regular training, testing, clear Backup
best practice for
ITSM is ITIL®,
communication and leadership from the top, After breaches, systems and data can be restored
tailored to the needs of particular groups of from good backups. When there are no backups,
staff, helps to ensure that doing the right thing old backups, or backups vulnerable to the
comes naturally to the people an organization same attack as the data and systems they

depends on to protect its critical assets,
including, of course its customer data.
There are many processes that need to
work in synergy to deliver cyber resilience.
Some of the more important are:
and many
were securing, recovery becomes difficult,
time-consuming and expensive.
Joiners, movers, and leavers

Patch management
Many attacks succeed because organizations
have not installed patches that would have
organizations have
Organizations need to know who requires what
access to which systems and data, and to ensure
that such access is removed as soon as staff no
longer need it. Outdated credentials are often
used in successful breaches. There are many

adopted ideas from

protected them, or have missed installing them other processes which can form part of a greater
on one or two systems. Investment in a solid cyber resilience strategy, but this short list should
patch management process can help. serve to illustrate how important processes are.

ITIL to help them

plan, build, and
run IT services”
14 I RESILIA and GDPR RESILIA and GDPR I 15
 How can RESILIA
05
help you prepare
for GDPR?
As we have shown, many activities are needed
to prepare for GDPR, but an organization where
staff have been trained in RESILIA, and where
ideas have been adopted from RESILIA to inform
how staff work, will be in a great position to meet
this challenge and indeed prosper from it.
While this section of the paper is primarily about
the role that can be played by specific processes
or activities that are recommended by RESILIA,
the most important overall idea to grasp is this:
your organization needs a formal management
system, and this management system needs
to be able to produce records that show both
what it planned to do, and that it has done what
was planned. This is because a key difference
between GDPR and earlier privacy laws is the
requirement to demonstrate that you have taken
appropriate steps to identify and protect personal
data. In other words, you must be able to provide
records. Organizations that adopt practices
from RESILIA when they design their ITSM and
information security management systems will
be in a good position to produce these records as
and when required.
It is likely that one of the early activities
undertaken in your organization’s preparations
for GDPR will be identifying all the personal data
that your organization holds. Knowing what data
you have, why you have it, and where it is
stored is essential to such planning. RESILIA
describes how the management of asset
information (including a clear and detailed
16 I RESILIA and GDPR
data register and data handling policy) needed
for cyber resilience planning can be integrated
with the slightly different requirements of
ITSM asset and configuration management.
This integrated asset and configuration
management process can provide an
authoritative source of information about
personal data for use in planning, as well as
for audits when the organization needs to show
that they have undertaken due diligence and
are handling their personal data with due care.
Collaboration between information security and
ITSM, and the integration of related activities
by the legal team and HR, can contribute to
meeting GDPR requirements in many ways.
GDPR is fundamentally about managing risk
to personal data and complying with the rights
of data subjects. RESILIA is about managing
risks to information, and many of these risks
are highly relevant to GDPR. Here are some
examples of how practices from RESILIA can
help an organization to meet the needs of
GDPR compliance.
Lifecycle approach
to management
GDPR requires ‘privacy by design’.
This means that privacy and data
protection compliance need to be built in to
projects and services from the start, rather than
being added on later. The RESILIA lifecycle starts
with strategy and design phases to ensure that
this happens.
Governance
Governance of IT ensures that the owners
of the organization set the direction for
everything that is done. There have been
numerous cyber breaches which have resulted in
fines or resignations at board level, and this helps
to illustrate the importance of governance in cyber
resilience. Boards will also be held accountable for
breaches of GDPR, as well as for every other aspect
of data protection and cyber security, which means
that governance is essential for directing everything
done within IT. Integrated governance of IT
and information security can help the board
(or equivalent body) to ensure the whole
organization is working to common objectives,
including common data protection objectives.
It is worth noting in this context that the maximum
fine for a breach of GDPR regulations can be
extremely high, up to 4% of global turnover of
the organization for the worst offences.
Risk management
The organization must be able to
show that it has applied suitable risk
management to identifying, prioritizing
and managing cyber resilience risk, including risks to
personal data. RESILIA describes a risk management
methodology that can be used for this purpose.
Many requirements of GDPR are about managing
risks to personal data. It requires that formal risk
assessment and management is carried out, and
that records exist to show that this has been done.
The approach described in RESILIA could make
a significant contribution to this requirement.
“Uncontrolled changes can
introduce major cyber
resilience risks, leading
to breaches of personal
data, so it is essential to
manage all changes to IT
systems and services”
Policy management
Many policies must be defined (and
followed) to enable compliance with
GDPR. For example, every organization
must have a data protection policy, a privacy
policy and many others. GDPR provides guidance
on the required content for these policies,
RESILIA provides guidance on how the policies
can be effectively managed. Policies must be
communicated to, and understood by, everybody
who needs to follow them. They must be
followed, and there must be evidence to show
that they are being followed. Since so many
of these policies relate to how IT services are
planned, built and operated, it is essential that
these policies are integrated with the design and
management of IT services and ITSM processes.
Organizations can make use of the guidance
offered by both ITIL and RESILIA to facilitate
policy production and management.
Business relationship
management and
stakeholder management
These processes ensure that IT has
understood the requirements of their partners
and stakeholders, and that these requirements
are fed into the strategy and design of IT
services and information security practices.
Integrated business relationship management
and stakeholder management can ensure that
cyber resilience requirements, including those
requirements pertaining to personal data, are
considered alongside other requirements when
RESILIA and GDPR I 17
 “Cyber resilience must be integrated with other
aspects of how suppliers are appointed and
managed. Suppliers can be a significant risk to
personal data and GDPR has various requirements
that relate to the management of suppliers”

the organization is making investment decisions,
or is planning new or changed IT services.
The RESILIA portfolio also provides awareness
training and other materials that can be used
to help break down barriers between IT and
their customers (both internal and external), to
ensure that there is a common language and
understanding of cyber risks.
Recruitment and training
Staff who handle personal data must be
trained in how it should be managed.
Organizations that take into account
cyber resilience when recruiting and training
people, especially IT, legal and HR staff who may
have privileged access to sensitive data, will be
able to ensure that the staff managing personal
data are suitably trained. RESILIA explains the
key issues that should be considered, and how
these should be integrated rather than carried
out as separate activities.
Supplier management
There are many cyber resilience risks
related to the use of suppliers, and
some major breaches of personal data
have been caused by ineffective supplier (third
party) management. Cyber resilience must be
integrated with other aspects of how suppliers
are appointed and managed. Suppliers can be
a significant risk to personal data and GDPR
has various requirements that relate to the
management of suppliers. These requirements
cannot be managed in isolation from other
aspects of managing those suppliers.
The integrated approach described in RESILIA is
an ideal way to ensure that GDPR requirements
for supplier management can be met.
Service level management
GDPR has a number of specific
requirements that require organizations
to collect and collate information in
limited timeframes. For example, they must
respond to a subject access request (SAR)
within one month, providing a data subject with
information about all data held about them, and
how it is used. A service level agreement between
the data owners in the business and the people
in IT who can provide this information will help
to ensure that these times can be met.
Change and release
management
Uncontrolled changes can introduce
major cyber resilience risks, leading
to breaches of personal data, so it is essential
to manage all changes to IT systems and
services. It is not possible to run two separate
change management processes, one to consider
cyber resilience risks and another to manage
IT changes. There must be a single integrated
change management process that ensures the
organization is protected. This does not mean
that the organization needs an old-fashioned,
bureaucratic process with senior managers sitting
round a table to discuss every change, but it does
mean that someone must be accountable for
considering each change and ensuring that the
potential impacts are understood.
Testing
Changes and releases should be
tested to ensure that they behave as
expected, and clearly this must include
security testing. It is also essential to test cyber
resilience controls on a regular basis to ensure
that they are still performing as required. Even
if cyber resilience testing is separate from other
functional and operational tests, there needs to
be a coordinated approach to ensure that test
coverage is complete, test data is appropriate,
and results of tests are communicated.
Access management
Granting and revoking access to
IT systems and data should be an
integral component of an HR joiners,
movers and leavers process, as well as with
the ITSM process used to fulfil service requests.
RESILIA describes the essential requirements
for this integration across different parts of
the organization.
Incident management and
continuity management
There are many different types and
sizes of security incident. An effective
security incident management process needs to
include the ability to log and manage each of
them, ranging from a minor virus infection of a
single laptop to a major breach of personal data.
It also needs to be integrated with the business
processes for continuity management and crisis
management. One important aspect of incident
management is rehearsals and scenario testing.
By running practice sessions with the staff who
are likely to be involved in managing a real
incident, the organization can help to ensure
that people take the correct actions when
acting under pressure.
GDPR has a requirement that breaches are
notified to the regulator within 72 hours.
This breach reporting must include information
about the people affected, the records breached,
the potential consequences, and the actions that
have been taken to manage the situation.
To do this requires efficient and effective
incident management through which the
risk is contained and what has happened
is documented, all within this very short
timeframe. The approach to incident
management described in RESILIA can
help to ensure this requirement is met.

18 I RESILIA and GDPR RESILIA and GDPR I 19

 06
Conclusion What
next?
What we have described is only a partial list of the
most important areas where the integrated approach
to cyber resilience recommended by RESILIA can
help an organization to prepare for GDPR.
RESILIA offers a balanced approach to designing
controls and processes that can significantly
contribute to the success of your GDPR planning.
RESILIA is not a replacement for control
frameworks, such as the ISO/IEC 27000 series
of international standards or the US NIST cyber
security framework, but it has been written to
integrate well with these frameworks, and should
be considered by any organization that is planning
to improve its cyber resilience and thereby ensure
that they are in the best position to both comply
with and exploit the new requirements that full
compliance with GDPR will bring.
Critically you should recognize that GDPR is
not simply about ensuring compliance and
avoiding financial penalty, it also presents a huge
opportunity: for knowing exactly what data you
have and where it is held will enable you to better
understand your customers and thereby make it
far easier to develop and deliver targeted, market
leading goods and services which can secure your
organization a vital competitive advantage.
20 I RESILIA and GDPR
07
Visit AXELOS.com/certifications/resilia-certifications
to find out more and sign up to one of our
RESILIA Professional Foundation and
Practitioner Certified Training courses
with an Accredited Training Organization.
You can also use our free RESILIA Snapshot
Tool to assess the quality and suitability of
your current cyber security processes and
controls enabling your organization to
understand where you are on the road
to cyber resilience and GDPR preparedness.
Visit pathway.axelos.com today and help
your organization on the journey to genuine
cyber resilience!
08
About the
author
Stuart Rance
Stuart Rance is a consultant,
trainer and author, and
owner of Optimal Service
Management Ltd. Stuart
works with a wide variety of
clients in many countries,
helping them use ideas from information security
management and IT service management to
create value for themselves and their customers.
He is a Chartered Fellow of BCS (FBCS CITP)
and a Certified Information Systems Security
Professional (CISSP).
Stuart shares his expertise widely, regularly
presenting at events and writing books, white
papers and blogs on all aspects of IT. He was
an architect for ITIL Practitioner, lead author
of RESILIA: Cyber Resilience Best Practice,
and author of ITIL Service Transition. Stuart is
chief examiner for RESILIA, an examiner for
ITIL, and an instructor for ITIL, CISSP and
many other topics.
RESILIA and GDPR I 21
About AXELOS
AXELOS is a joint venture company co-owned by
the UK Government’s Cabinet Office and Capita
plc. It is responsible for developing, enhancing and
promoting a number of best practice methodologies
used globally by professionals working primarily
in project, programme and portfolio management,
IT service management and cyber resilience.

The methodologies, including ITIL®, PRINCE2®,

MSP® and the new collection of cyber resilience best
practice products, RESILIA™, are adopted in more
than 150 countries to improve employees’ skills,
knowledge and competence in order to make both
individuals and organizations work more effectively.

In addition to globally recognized qualifications,

AXELOS equips professionals with a wide range
of content, templates and toolkits through
the CPD aligned AXELOS Membership and our
online community of practitioners and experts.

Visit www.AXELOS.com for the latest news

about how AXELOS is ‘Making organizations
more effective’ and registration details to join
AXELOS’ online community.

If you have specific queries, requests or would

like to be added to the AXELOS mailing list
please contact Ask@AXELOS.com

Trade marks and statements

AXELOS®, the AXELOS swirl logo®, ITIL®, PRINCE2®,
PRINCE2 Agile®, MSP®, M_o_R®, P3M3®, P3O®, MoP®,
MoV® are registered trade marks of AXELOS Limited. RESILIA™
is a trade mark of AXELOS Limited. All rights reserved.

Copyright © AXELOS Limited 2017. Reuse of any content in

this White Paper is permitted solely in accordance with the
permission terms at https://www.axelos.com/policies/legal/
permitted-use-of-white-papers-and-case-studies A copy of these
terms can be provided on application to AXELOS at Licensing@
AXELOS.com Our White Paper series should not be taken as
constituting advice of any sort and no liability is accepted for
any loss resulting from or use of or reliance on its content.

While every effort is made to ensure the accuracy

and reliability of information, AXELOS cannot accept
responsibility for errors, omissions or inaccuracies, Content,
diagrams, logos, and jackets are correct at time of going to
press but may be subject to change without notice.
Sourced and published on www.AXELOS.com