Understanding ISO 27001 Language

    One of the main rules of good communication is to adjust your speech to the target audience. ISO 27001 has its own set of terms, which help security practitioners understand one another. However, an organization is more than its security personnel. Top management, middle management, line workers, clients, and many …


    Achieving continual improvement through the use of maturity models

    Like any other ISO management system, ISO 27001 has a requirement for continual improvement (clause 10.2). This is because no process, no matter how well established and implemented, and whether compliant with ISO standards or not, can maintain high levels of performance without continuous adjustments to adapt to changing scenarios. …


    Special interest groups: A useful resource to support your ISMS

    An Information Security Management System (ISMS) is only as good as its ability to keep up with the requirements of the business and provide adequate protection against the risks the organization is exposed to. To accomplish this, information about the environment must be evaluated constantly, but who will do this? …


    How personal certificates can help your company’s ISMS

    One of the greatest challenges in managing information security is assuring that people can handle information and execute security activities in a proper manner. Unprepared and untrained people can pose a risk to information, and to business, and they are as dangerous as any other known threats. ISO 27001 requirements …


    Risk appetite and its influence over ISO 27001 implementation

    Clause 6.1.2 (a) (1) of ISO 27001:2013 states that an organization must establish and maintain information security risk criteria, and those must include criteria for risk acceptance. Since these criteria have direct influence on how organizational risks are treated, defining them is critical to make ISO 27001 add value to the …


    Mandatory documents required by 2019 revision of ISO 22301

    Updated according to ISO 22301:2019. What should your business continuity documentation contain? This is probably what you’re asking yourself if you are implementing ISO 22301, preparing for the internal audit, or preparing for the certification audit.

    ISO 22301 Mandatory documents

    To help you out, here’s the list of mandatory documentation …
