What to include in an ISO 27001 remote access policy

Kishore Kumar | April 23, 2019

In this era of data-driven IT, managing and securing your data / information has become the most integral part of running your business. In the article below, we will take you through the best practices to consider for an ISO 27001-compliant remote access policy and effective implementation of information security controls. …

A success story about implementation of ISO 27001 and 9001: How online platform Doccle did it

Marja Colak | April 8, 2019

Is it possible for a SaaS company to implement ISO standards, and how and why should SaaS companies get certified? On your way to success, this is an important step, and this is just what Doccle did, when it broke out as a unique digital player in Belgium and beyond. …

What are the benefits of security awareness training for organizations?

Gary Hinson | March 27, 2019

When learning about information security, we become broadly aware of general risks to information plus basic controls through a gradual and widespread educational process, sometimes supplemented with more intensive training in specific areas (such as how to respond to security warnings, and how to recognize and handle privacy issues). This …

How ISO 27001 and TISAX are related

Antonio Jose Segovia | March 11, 2019

You probably know what ISO 27001 is, because it is an international standard, very popular in the information security sector, that helps organizations of all sectors to protect their information. But, did you know that the automotive industry is also interested in information security, and that they even have their …

The most common physical and network controls when implementing ISO 27001 in a data center

Neha Yadav | February 26, 2019

Security controls for Data Centers are becoming a huge challenge due to increasing numbers of devices and equipment being added.  In this article you will see how to build an ISO 27001 compliant Data Center by identification and effective implementation of information security controls. The article summarizes ISO 27001 Data …

Why is ISO 27001 applicable also for paper-based information?

Rhand Leal | January 21, 2019

Although digital information has become the generally accepted standard for handling information, there might be situations where organizations still use paper-based information, and this documentation also must be protected according to its sensitivity and importance to the business. While it may be perceived more as a standard related to digital …

ISO 27001 information security event vs. incident vs. non-compliance

Rhand Leal | December 3, 2018

No environment can be 100% secure. Problems (which can be broadly described as “occurrences” or “deviations”) will happen, but not all problems need to be treated the same way, and this can have a significant impact on the effort, and costs, of security management. This article will present three concepts …

RACI matrix for ISO 27001 implementation project

Rhand Leal | November 5, 2018

Very often, an ISO 27001 implementation project is a multi-level and multidisciplinary endeavor, where personnel involved have different roles and responsibilities as the project progresses. To help clarify and control personnel involvement, many projects make use of the RACI matrix, and in this article, we’ll show one example of how to …

5 practical tips for media disposal according to ISO 27001

Antonio Jose Segovia | October 22, 2018

Today, media devices are less common than they were some years ago, because the current trend is the cloud, although there are still a lot of people using pen drives, external hard drives, etc. And, of course, all the information in the cloud is ultimately stored on a server, i.e., …

Does ISO 27001 help CCPA compliance?

Rhand Leal | October 16, 2018

In the wake of the increasing concerns over privacy protection, the U.S. state of California passed a new regulation at the end of June of this year to ensure the protection of Californian consumers. Coming into force by January 1, 2020, this law requires new levels of commitment by organizations …

What to consider in case of termination or change of employment according to ISO 27001

Rhand Leal | September 3, 2018

As relationships between people and organizations evolve, it is natural for work situations to change. Concluded contracts lead to termination of employment relationships, and opportunities or gaps in roles or functions lead people to relocate to new positions. While organizations normally have processes to accommodate people in these new situations, …

What to consider in security terms and conditions for employees according to ISO 27001

Rhand Leal | May 23, 2018

A good way to ensure that people are aware of their roles and responsibilities in an organization is by defining policies and procedures to be followed. But this solution has a limitation: they only cover the people who are already working for the organization and have access to information. What …

How to use Open Web Application Security Project (OWASP) for ISO 27001?

Antonio Jose Segovia | April 24, 2018

Essentially, OWASP (Open Web Application Security Project) is an online community developing international open projects related to Web Application Security. Mainly, it was created to develop secure web applications. Most of these projects have documents, guides and tools which can be useful for an ISO 27001 implementation. Why is OWASP …

How to address opportunities in ISO 27001 risk management using ISO 31000

Rhand Leal | April 13, 2018

Businesses are full of risks, and organizations should do their best to identify, evaluate, and treat all of them – or at least the most relevant ones. This is called risk management, which can vary from subconscious decisions to fully aware choices based on complex methodologies and data arrangements. But, …