Practical use of corrective actions for ISO 27001 and ISO 22301

Is your company one of those that has no idea what the purpose of corrective actions is? Do you prepare your corrective actions only a couple of days prior to your certification audit? And do you think corrective actions are one of those requirements of ISO 27001/ISO 22301 with no …

How to approach an auditor in a certification audit

If you’re going for the certification audit, you are probably wondering how to approach the auditor. In my opinion, the most important thing is not to forget that auditors are only people, and no matter how professional they are, they will always be glad if you treat them fairly; on …

How to define activities when implementing business continuity according to ISO 22301

In several places, ISO 22301 requires you to define the activities within the company; and not only that: activities are the basic unit on which the business impact analysis is built. So what are these activities? Unfortunately, "activity" is not a very well-chosen word, because it is very often …

NFPA 1600 vs. ISO 22301 – Similarities and differences

If you are a business continuity practitioner in the U.S., you’re probably wondering which standard to apply – NFPA 1600 or ISO 22301. After all, they are both business continuity standards, and they both have very significant backgrounds – U.S. government agencies seem to love NFPA 1600, and ISO 22301 …

ISO 27001 Case study for data centers: An interview with Goran Djoreski

DK: More than a year and a half has passed since you were certified by ISO 27001 – what are your impressions? Was it really worth it?

GD: It was definitely worth it, since it turned out that an ISO 27001 certification is not necessarily a competitive advantage, but rather …

How to address main concerns with ISO 27001 implementation

Last week I delivered two webinars on the topic of ISO 27001, and before those webinars I asked the attendees to send me their top concerns regarding ISO 27001 implementation. I have summarized the most common concerns into the following five areas – I presented them in the webinars, and here …

Is ISO 27001 among the top ISO standards?

Do you know which ISO standards are the most popular, and whether ISO 27001 is among them? There is both good and bad news for information security enthusiasts – ISO 27001 really is among the most popular, but its numbers are insignificant compared to, say, ISO 9001. Top ISO …

Implement ISO 27001 according to current 2005 revision, or wait for new 2013 revision?

Update 2013-09-25: ISO/IEC 27001:2013 was published on September 25, 2013.

Currently, the question I hear most often from companies implementing ISO 27001 is: “I heard a new revision of ISO 27001 is soon to be published – what should we do? Should we wait for the new revision or implement …

One Information Security Policy, or several policies?

Very often I see questions on various forums on how to develop an Information Security Policy. Quite frankly, I don’t think it is a good idea to stuff all the security rules into a single document, and here’s why…

Information security policy vs. ISMS Policy

First of all, let’s clarify …

The purpose of Business continuity policy according to ISO 22301

Why would you need a Policy once you have a Business impact analysis, Business continuity strategy and Business continuity plan? This is probably a question many experienced business continuity/disaster recovery practitioners are asking themselves, so here’s why ISO 22301 (a leading business continuity management standard) says it’s mandatory.

Main purpose

The …

ISO 22301 vs. ISO 22313

I was quite skeptical when I started to read ISO 22313, the guidance standard on business continuity management, but I was proved wrong. It can be quite useful as a supplement to ISO 22301 – here’s what I found:

Similarities and differences

If you are familiar with ISO …

Backup policy – How to determine backup frequency

Did you think that backup frequency is based on the IT manager’s whims? Or, perhaps, on the least expensive solution? Well, you are wrong. The backup policy, or to be precise, the most important part of this policy – how often the backup is to be performed – …

ISO 27001 project – How to make it work

Many companies don’t realize this, but setting up the ISO 27001 project properly at the beginning of the implementation is one of the most important elements if you want to implement the ISMS within an acceptable time and budget.

Don’t try this without management support

Management commitment must come before anything else …

5 criteria for choosing an ISO 22301 / ISO 27001 consultant

If you’re implementing ISO 27001 or ISO 22301 for the first time, you’re probably considering hiring a consultant to help you. But which consultant should you hire, what are the potential problems, and how much should you pay?

The purpose of an ISO 22301/ISO 27001 consultant

A consultant should shorten …
