The ISO 27001 & ISO 22301 Blog

8 criteria to decide which ISO 27001 policies and procedures to write

If you’re just starting to implement ISO 27001 in your company, you’re probably in a dilemma as to how many documents you need to have, and whether to write certain policies and procedures or not. Criteria for deciding what to document Well, …

How to become an ISO 27001 / ISO 22301 consultant

If you are thinking about a career change, becoming an independent consultant for ISO 27001 and/or ISO 22301 certainly sounds like an attractive option. But what do you need to know, and what do you need to have to start your own …

How to maintain the ISMS after the certification

If you thought that your job was over after the ISO 27001 certification, you’re wrong – the real job with your Information Security Management System (ISMS) has just begun. OK, but where do you start? The good news is that …

What has changed in risk assessment in ISO 27001:2013

Risk assessment has always been a hot topic, and especially now with the changes in the ISO 27001 2013 revision – there are many doubts as to whether the risk assessment you’ve done according to the 2005 revision needs to …

6-step process for handling supplier security according to ISO 27001

Since more and more data is being processed and stored with third parties, the protection of such data is becoming an increasingly significant issue for information security professionals – it’s no wonder that the new 2013 revision of ISO 27001 …

What is the job of Chief Information Security Officer (CISO) in ISO 27001?

It may sound rather funny, but ISO 27001 does not require a company to nominate a Chief Information Security Officer, or any other person who would coordinate information security (e.g., Information security officer, Security manager, etc.). However, this is understandable …

Lead Auditor Course vs. Lead Implementer Course – Which one to go for?

If you are just entering the world of ISO 27001 or ISO 22301, you’re probably considering going for some training. This is certainly a good idea; however, which course is better for you – Lead Auditor Course, or Lead Implementer …

Roles and responsibilities of top management in ISO 27001 and ISO 22301

Did you know that, in most cases, failure to implement ISO 27001 or ISO 22301 was directly related to the fact that top management did not want to assume their responsibilities for information security / business continuity in their companies? …

Major vs. minor nonconformities in the certification audit

If your company is considering going for the certification, it is always a good thing to know what to expect. Since nonconformities are one of the most important outcomes of the certification audit (and the most unpleasant), it is probably …

How to handle Asset register (Asset inventory) according to ISO 27001

Unfortunately, if you already developed a fixed asset register, it is not going to be enough to be compliant with ISO 27001 – the concept of asset inventory (sometimes called the asset register) in information security is quite different from …
