The ISO 27001 & ISO 22301 Blog

Rhand Leal

How to identify ISMS requirements of interested parties in ISO 27001

“If you do not know where you’re going, you’re unlikely to end there.” This saying from the title character in the movie Forrest Gump describes perfectly why many projects fail: lack of clear requirements. Definition of requirements is so important that, since 2012, all published ISO management systems standards, including …

Read More ...
Rhand Leal

How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC)

Information security is only as good as the processes related to it, yet we find many organizations concerned only about whether security features exist and are active in their information systems, and not how they are developed, implemented, maintained, and improved. As a result, many information systems fail to protect …

Read More ...
Rhand Leal

How two-factor authentication enables compliance with ISO 27001 access controls

Access control is one of the cornerstones of security. If you cannot control who access what, you cannot ensure security at all. Because of that, access control stays in the main focus of security teams and wrongdoers. Today, simple use of passwords, tokens, or biometrics is not enough to prevent …

Read More ...
Rhand Leal

Enabling communication during disruptive incidents according to ISO 22301

Disasters and disruptive business incidents push people and organizations to their limits, and one of the first impacted elements are communication systems. Depending on incident type and magnitude, increased demand for communication, or communication infrastructure capability reduction, may render communication impossible, adding more confusion to an already chaotic situation. ISO …

Read More ...
Wolfgang Mahr

Organizational resilience according to ISO 22316 – Is this another buzzword?

Both management systems standards on information security (ISO 27001) and business continuity (ISO 22301), while trying to encompass the whole organization, still lack components and dimensions to holistically protect an enterprise. The concept of resilience expands these approaches and enhances the preparedness and development of organizations. Resilience – What’s this? …

Read More ...
Rhand Leal

Beyond the BCM Manager: Additional roles to consider during the disruptive incident

A crisis or disaster is something that no organization, regardless of its size, wants to go through. Because of this, many of them adopt business continuity practices, such as Business Continuity Management Systems (BCMS) based on ISO 22301, to minimize the chances of such events occurring and, if they occur, …

Read More ...
Nina Ugrinoska

What does ISO 27001 Lead Implementer training look like?

The ISMS (Information Security Management System) plays a very important role in every business these days. Since implementation of the ISMS can be a complex process (and usually differs in each industry sector), in order to participate and build this system, a good approach is to learn how to implement …

Read More ...
Rhand Leal

Segregation of duties in your ISMS according to ISO 27001 A.6.1.2

Today’s automated solutions and information and communication technologies allow a few people to handle a great deal of information and processes (e.g., stock exchange operators and air traffic controllers). While this is good to improve productivity, a potential side effect is that these few people may end up gathering excessive …

Read More ...
Carla Bouca

How can ISO 27001 help protect your company against ransomware?

Ransomware is a sophisticated malware that blocks users’ access to their files through the use of encryption. The attackers will ask for a ransom to unlock the infected computer. Although ransomware has been known as a method of attack for a long time, it is still very much in use …

Read More ...
Wolfgang Mahr

ISO 22301 Case study in the travel industry: Business continuity as a necessity in customer care

Business continuity protects an organization from the impacts of business disruptions. The goal is to provide a certain level of products and services to customers during disruptions. But, what do industries need in order to take care of their customers themselves? As usual, a normal project start… As a case …

Read More ...
Rhand Leal

Data Privacy Protection, ISO 27001 and CISPE Code of Conduct

With mandated compliance with the European Union (EU) General Data Protection Regulation (GDPR) ever closer, organizations that handle personal data of European citizens are rushing to adapt their operations to new requirements to avoid problems with customers and authorities. With respect to cloud infrastructure services, a particular effort may come …

Read More ...
Dejan Kosutic

Where does information security fit into a company?

Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate from it, part of some compliance or risk department, etc. But, before we determine who should be handling information security and from which organizational unit, let’s see first the conceptual …

Read More ...
Carla Bouca

Does ISO 27001 implementation satisfy EU GDPR requirements?

Lately, I’ve been asked questions like: “If ISO 27001 is implemented in my organization, will it fully comply with European General Data Protection Regulation (EU GDPR) requirements?” and “Our company is ISO 27001 certified. Are we already compliant with EU GDPR?” The new regulation introduces a set of rules that require …

Read More ...
Rhand Leal

How to integrate COSO, COBIT, and ISO 27001 frameworks

Recently, the ISO (International Standardization Organization) updated ISO 9001, ISO 14001, and ISO 27001 to make easier to use them together. But, how do they interact with practices outside the ISO world? How to integrate COSO, COBIT, and ISO 27001 frameworks. This article will present how ISO 27001 can be …

Read More ...

OUR CLIENTS

OUR PARTNERS

  • Advisera is Exemplar Global Certified TPECS Provider for the IS, QM, EM and AU Competency Units.
  • ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.
  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.