
 

The ISO 27001 & ISO 22301 Blog

 

How to maintain the ISMS after the certification

If you thought that your job was over after the ISO 27001 certification, you’re wrong – the real job with your Information Security Management System (ISMS) has just begun. OK, but where do you start? The good news is that …


Practical use of corrective actions for ISO 27001 and ISO 22301

Is your company one of those that has no idea what the purpose of corrective actions is? Do you prepare your corrective actions only a couple of days prior to your certification audit? And do you think corrective actions are …


A first look at the new ISO 27001

Update 2013-09-25: This blog post was updated according to the final version of ISO 27001:2013 that was published on September 25, 2013. When I heard the news that the DIS (draft) version of ISO 27001:2013 is available, I was very …


Surveillance visits vs. certification audits

Surveillance visits are very often quite different from (initial) certification audits, so in this post I’ll explain why this is so and what the differences are. It bears mention here that all the issues I’ll be talking about in this …


5 ways to avoid overhead with ISO 27001 (and keep the costs down)

There are probably two main thoughts managers have when starting ISO 27001 implementation: (1) we’ll pay quite a lot of money for something we’re not sure is worth it; and (2) the annoyance of maintaining such a system will cost …


Becoming ISO 27001 certified – How to prepare for certification audit

If you think writing a bunch of information security documents is enough to get an ISO 27001 certificate, you’re wrong. You need to implement all the activities described in your documentation, but that’s not all – you also need to …


BS 25999-2 implementation checklist

Your management has given you the task to implement business continuity, but you’re not really sure how to do it? Although it is not an easy task, you can use the BS 25999-2 methodology to make your life easier – …


ISO 27001 implementation checklist

If you are starting to implement ISO 27001, you are probably looking for an easy way to implement it. Let me disappoint you: there is no easy way to do it. However, I’ll try to make your job easier – …


Mandatory documented procedures required by ISO 27001

If you heard that ISO 27001 requires many procedures, this is not quite true. The standard actually requires only four documented procedures: a procedure for the control of documents, a procedure for internal ISMS audits, a procedure for corrective action, …


Using ISO 9001 for implementing ISO 27001

You have already implemented ISO 9001? You have heard that ISO 27001 might be a good idea? But how can something that has to do with quality help you implement information security? It can, more than you may think. ISO …
