How to classify information according to ISO 27001 in four steps
Updated: November 14, 2022, according to the ISO 27001:2022 revision. Classification of information is certainly one of the most attractive parts of information security management, but at the same time, one of the most misunderstood. This is...
Has the PDCA Cycle been removed from the new ISO standards?
Lately I’ve been receiving (too) many questions asking, “Why did the new revision of ISO 27001 cut out the PDCA cycle?” And, at first sight, you might be misled because the standard really doesn’t mention...
ISO 31000 and ISO 27001 – How are they related?
Last updated on March 10, 2022. Contrary to the popular belief that ISO 31000 is now mandatory for ISO 27001 implementation, this is not true. However, when comparing ISO 27001 vs. ISO 31000, the latter...
The most popular ISO 27001 & ISO 22301 blog posts
This is my 100th blog post! When I started this blog four years ago, I never dreamed I would have that many things to write about… And yet, the more I write, the more ideas...
Why is management review important for ISO 27001 and ISO 22301?
Like some other clauses in ISO 27001 and ISO 22301, clause 9.3, which defines requirements for management review, is one of the most misunderstood and most underappreciated elements of these standards. In practice, this review...
Setting the business continuity objectives in ISO 22301
Business continuity objectives are, along with the business impact analysis, probably one of the most difficult elements of ISO 22301 implementation. Most of the business continuity implementers have problems like these: Which types of objectives...