The ISO 27001 & ISO 22301 Blog

How to define the ISMS scope

ISMS scope is probably one of the hottest topics since the 2013 revision of ISO 27001 was published, because it introduces some new concepts like interfaces and dependencies. But, when thinking about the scope in a structured way, it is actually …


How personal certificates can help your company’s ISMS

One of the greatest challenges in managing information security is assuring that people can handle information and execute security activities in a proper manner. Unprepared and untrained people can pose a risk to information, and to business, and they are …

List of free ISO 27001 and ISO 22301 resources

As you probably noticed, we recently launched the redesigned 27001Academy website; what you may not have noticed are all the free resources we offer on the website. Here they are: Basic explanation of ISO 27001 and ISO 22301: Simple explanation of …

How detailed should the ISO 27001 documents be?

When starting to write a policy or a procedure, you’re probably puzzled as to how lengthy it should be. And the truth is, ISO 27001 (as well as other ISO standards like ISO 20000, ISO 9001, ISO 14001 and others) are very flexible …

How to write ISO 27001 risk assessment methodology

Without a doubt, risk assessment is the most complex step in the ISO 27001 implementation; however, many companies make this step even more difficult by defining the wrong methodology (or by not defining the methodology at all). What does ISO 27001 …

Risk appetite and its influence over ISO 27001 implementation

Clause 6.1.2 (a) (1) of ISO 27001:2013 states that an organization must establish and maintain information security risk criteria, and those must include criteria for risk acceptance. Since these criteria have direct influence on how organizational risks are treated, defining them …

Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization)

Clause 4.1 is a completely new requirement in the 2013 revision of ISO 27001, and it has caused quite some confusion because it is rather vague. (By the way, there is very similar confusion with ISO 22301, so this article …

8 criteria to decide which ISO 27001 policies and procedures to write

If you’re just starting to implement ISO 27001 in your company, you’re probably in a dilemma as to how many documents you need to have, and whether to write certain policies and procedures or not. Criteria for deciding what to document: Well, …

How to become an ISO 27001 / ISO 22301 consultant

If you are thinking about a career change, becoming an independent consultant for ISO 27001 and/or ISO 22301 certainly sounds like an attractive option. But what do you need to know, and what do you need to have to start your own …

How to maintain the ISMS after the certification

If you thought that your job was over after the ISO 27001 certification, you’re wrong – the real job with your Information Security Management System (ISMS) has just begun. OK, but where do you start? The good news is that …
