The ISO 27001 & ISO 22301 Blog

Rhand Leal

ISO 27001 information security event vs. incident vs. non-compliance

No environment can be 100% secure. Problems (which can be broadly described as “occurrences” or “deviations”) will happen, but not all problems need to be treated the same way, and this can have a significant impact on the effort, and costs, of security management. This article will present three concepts …

Read More ...
Rhand Leal

RACI matrix for ISO 27001 implementation project

Very often, an ISO 27001 implementation project is a multi-level and multidisciplinary endeavor, where personnel involved have different roles and responsibilities as the project progresses. To help clarify and control personnel involvement, many projects make use of the RACI matrix, and in this article, we’ll show one example of how to …

Read More ...
Antonio Jose Segovia

5 practical tips for media disposal according to ISO 27001

Today, media devices are less common than they were some years ago, because the current trend is the cloud, although there are still a lot of people using pen drives, external hard drives, etc. And, of course, all the information in the cloud is ultimately stored on a server, i.e., …

Read More ...
Rhand Leal

Does ISO 27001 help CCPA compliance?

In the wake of the increasing concerns over privacy protection, the U.S. state of California passed a new regulation at the end of June of this year to ensure the protection of Californian consumers. Coming into force by January 1, 2020, this law requires new levels of commitment by organizations …

Read More ...
Rhand Leal

What to consider in case of termination or change of employment according to ISO 27001

As relationships between people and organizations evolve, it is natural for work situations to change. Concluded contracts lead to termination of employment relationships, and opportunities or gaps in roles or functions lead people to relocate to new positions. While organizations normally have processes to accommodate people in these new situations, …

Read More ...
Rhand Leal

What to consider in security terms and conditions for employees according to ISO 27001

A good way to ensure that people are aware of their roles and responsibilities in an organization is by defining policies and procedures to be followed. But this solution has a limitation: they only cover the people who are already working for the organization and have access to information. What …

Read More ...
Antonio Jose Segovia

How to use Open Web Application Security Project (OWASP) for ISO 27001?

Essentially, OWASP (Open Web Application Security Project) is an online community developing international open projects related to Web Application Security. Mainly, it was created to develop secure web applications. Most of these projects have documents, guides and tools which can be useful for an ISO 27001 implementation. Why is OWASP …

Read More ...
Rhand Leal

How to address opportunities in ISO 27001 risk management using ISO 31000

Businesses are full of risks, and organizations should do their best to identify, evaluate, and treat all of them – or at least the most relevant ones. This is called risk management, which can vary from subconscious decisions to fully aware choices based on complex methodologies and data arrangements. But, …

Read More ...
Rhand Leal

How to perform background checks according to ISO 27001

“The human factor is the weakest link in the security.” How many times have we already heard this sentence? How many stories have we already heard about security incidents caused by human failure or inaction? In an effort to minimize this situation, organizations all around the world have been working …

Read More ...
Rhand Leal

Can ISO 27001 help your organization in a DDoS attack?

In a connected world where hundreds of transactions are made every minute, every second your systems are down or inaccessible may represent a significant impact on your organizations’ business. And, while prevention of infrastructure failures is an immediate and obvious concern for decision makers, a more subtle and insidious threat …

Read More ...
Rhand Leal

How can ISO 27001 help you comply with SOX section 404

A number of high-profile corporate and accounting scandals collapsed several big players like Enron and WorldCom, and played havoc on global investment market. In the wake of these scandals, U.S. SOX law was introduced to restore public confidence of financial information released by public organizations. The laws required new levels …

Read More ...
Wolfgang Mahr

Organizational Resilience – Positioning Against ISO 22301-Based Business Continuity

Approaches and methods to successfully and sustainably run businesses are being rapidly developed. Recently, the term of Organizational Resilience was interpreted as being the new expression for the term Business Continuity. According to industry sources, based on recent ISO standardization work (ISO 22316:2017), Organizational Resilience is an all-encompassing concept that …

Read More ...
Rhand Leal

European 2017 Revision of ISO/IEC 27001: What has changed?

Released at the beginning of April 2017 by BSI (the British Standards Institution), the standard BS EN ISO/IEC 27001:2017 is a corrigendum over previous standard BS ISO/IEC 27001:2013. It has raised some concern among organizations with Information Security Management Systems certified against ISO 27001, the leading ISO standard for information …

Read More ...
Rhand Leal

How to perform an ISO 27001 second-party audit of an outsourced supplier

To focus on their core business, many organizations rely on outsourced suppliers to perform support processes. While this approach may bring benefits like costs savings, and access to expert knowledge and state-of-the-art technology, it can also involve risks related to loss of control over how these processes are performed and …

Read More ...

OUR CLIENTS

OUR PARTNERS

  • Advisera is Exemplar Global Certified TPECS Provider for the IS, QM, EM, TL and AU Competency Units.
  • ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.
  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.