The ISO 27001 & ISO 22301 Blog

How an ISO 27001 expert can become a GDPR data protection officer

Alessandra Nistico | January 20, 2020

If you are an ISO 27001 practitioner, you are a professional trained to establish, implement, maintain, and continually improve a risk-managed Information Security Management System (ISMS). You probably already know that many of your skills and expertise are useful also in implementing the EU GDPR. So, in order to increase …

Relationship between ISO 27701, ISO 27001, and ISO 27002

Antonio Jose Segovia | December 10, 2019

You probably know what the GDPR (General Data Protection Regulation) is, and maybe you also know about information security and the ISO 27001 series standards, but do you know that there is an international standard that is an integration between the general requirements of the GDPR, the Information Security Management …

Infographic: ISO 22301:2012 vs. ISO 22301:2019 revision – What has changed?

Rhand Leal | December 2, 2019

On October 31, 2019, the new revision of the ISO 22301 standard was published. This is the latest revision of the standard on which organizations base their Business Continuity Management Systems (BCMS). This new revision follows an approach similar to that of other ISO management systems, such as ISO 9001 …

ISO 27001 in the banking industry: “One standard to rule them all”

Tom van der Stoop | November 25, 2019

Why should banks go with ISO 27001? If you know the “Lord of the Rings” saga, the headline of this article probably sounds familiar. “One ring to rule them all” refers to the magic ring with the power to control all other magic rings. Am I saying that ISO 27001 …

Do we need to make the transition from ISO 22301:2012 to the 2019 revision?

Rhand Leal | November 5, 2019

The new revision of ISO 22301 was finally published on October 31, 2019, and you are probably asking yourself whether you need to implement the whole standard all over again. Well, a new implementation is not quite necessary – although the 2019 revision did bring some changes, they are not …

3 reasons why ISO 27001 helps to protect confidential information in law firms

Francesca Lucarini | October 15, 2019

ISO 27001 is about protecting information through a set of requirements that, among other methods, preserve information from unauthorized access or use. Every organization handles a variety of information with different associated risks depending on the people or the functional department to which it refers. Law firms are an example …

How to know which firms are ISO 27001 certified

Tom van der Stoop | October 1, 2019

You have an important project to develop, and you need to hire some external partner, e.g., a SaaS company, to make it to the end. You’ve determined information security to be one of the top-priority criteria that should be fulfilled when deciding which vendor to select for your screening process. …

Accredited ISO certification versus non-accredited: What it means and why it matters

Tom van der Stoop | September 16, 2019

“What’s the difference between accredited ISO certification versus the plain ISO certification or ISO compliance?” This is a question I hear often. It might sound like a mere choice of words, but the difference can have a big impact on your company, and whether you need to get certified to …

Why is it important for your hosting partner to be certified against ISO 27001?

Andrea Giesler | July 2, 2019

When it comes to choosing suppliers and service providers for your company, you should work with the utmost care. As we will discuss in this article, your company’s success – and even its survival – may depend on it. Today, we take a closer look at why you should go …

What do the ISO 27001 requirements and structure look like?

Andrea Giesler | June 3, 2019

The ISO 27001 standard offers requirements and a structure that will provide guidance in implementing an Information Security Management System (ISMS). As a management system, ISO 27001 is based on continuous improvement – in this article, you will learn more about how this is reflected in the ISO 27001 requirements …

ISO 27001 for startups – is it worth investing in?

Andrea Giesler | May 21, 2019

In the days of data breaches and growing public awareness of data protection, startups should take information security seriously. Most startups also need to generate revenue quickly, so securing growth and revenue are their main objectives since everything centers around the idea of bringing a product to the market and …

ISO 27001 vs. COBIT: A comparison

Neha Yadav | May 6, 2019

We often come across discussions related to comparisons of different governance standards and frameworks, such as ISO 27001 and COBIT. ISO 27001 focuses on information security controls, while on the other hand, COBIT, which is a governance framework, also includes some ISO 27001-related topics such as security, risks, managing changes, …

What to include in an ISO 27001 remote access policy

Kishore Kumar | April 23, 2019

In this era of data-driven IT, managing and securing your data / information has become the most integral part of running your business. In the article below, we will take you through the best practices to consider for an ISO 27001-compliant remote access policy and effective implementation of information security controls. …

A success story about implementation of ISO 27001 and 9001: How online platform Doccle did it

Marja Colak | April 8, 2019

Is it possible for a SaaS company to implement ISO standards, and how and why should SaaS companies get certified? On your way to success, this is an important step, and this is just what Doccle did, when it broke out as a unique digital player in Belgium and beyond. …