The ISO 27001 & ISO 22301 Blog

 

How to write ISO 27001 risk assessment methodology

Without a doubt, risk assessment is the most complex step in the ISO 27001 implementation; however, many companies make this step even more difficult by defining the wrong methodology (or by not defining the methodology at all). What does ISO 27001 …


Risk appetite and its influence over ISO 27001 implementation

Clause 6.1.2 (a) (1) of ISO 27001:2013 states that an organization must establish and maintain information security risk criteria, and those must include criteria for risk acceptance. Since these criteria have direct influence on how organizational risks are treated, defining them …


Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization)

Clause 4.1 is a completely new requirement in the 2013 revision of ISO 27001, and it has caused quite some confusion because it is rather vague. (By the way, there is very similar confusion with ISO 22301, so this article …


8 criteria to decide which ISO 27001 policies and procedures to write

If you’re just starting to implement ISO 27001 in your company, you’re probably in a dilemma as to how many documents you need to have, and whether to write certain policies and procedures or not.

Criteria for deciding what to document

Well, …


How to become an ISO 27001 / ISO 22301 consultant

If you are thinking about a career change, becoming an independent consultant for ISO 27001 and/or ISO 22301 certainly sounds like an attractive option. But what do you need to know, and what do you need to have to start your own …


How to maintain the ISMS after the certification

If you thought that your job was over after the ISO 27001 certification, you’re wrong – the real job with your Information Security Management System (ISMS) has just begun. OK, but where do you start? The good news is that …


What has changed in risk assessment in ISO 27001:2013

Risk assessment has always been a hot topic, and especially now with the changes in the ISO 27001:2013 revision – there are many doubts as to whether the risk assessment you’ve done according to the 2005 revision needs to …


6-step process for handling supplier security according to ISO 27001

Since more and more data is being processed and stored with third parties, the protection of such data is becoming an increasingly significant issue for information security professionals – it’s no wonder that the new 2013 revision of ISO 27001 …


What is the job of Chief Information Security Officer (CISO) in ISO 27001?

It may sound rather funny, but ISO 27001 does not require a company to nominate a Chief Information Security Officer, or any other person who would coordinate information security (e.g., Information security officer, Security manager, etc.). However, this is understandable …


Lead Auditor Course vs. Lead Implementer Course – Which one to go for?

If you are just entering the world of ISO 27001 or ISO 22301, you’re probably considering going for some training. This is certainly a good idea; however, which course is better for you – Lead Auditor Course, or Lead Implementer …
