
The ISO 27001 & ISO 22301 Blog

7 ways to improve the internal audits of your ISO 27001 ISMS

ISO 27001:2013 states that the purpose of the internal audit is to check compliance against both “the organization’s own requirements … and the requirements of this International Standard.” Aside from being required by the standard, internal audits are important for several other reasons: Internal audits identify and rectify any …


How to structure the documents for ISO 27001 Annex A controls

Once you’ve finished your risk assessment and treatment, it is time for you to start writing documents that describe your security controls according to ISO 27001 Annex A. But, which documents should you write? How do you structure them? Which one do you begin with? Here’s what I found to be …


Can ISO 27001 risk assessment be used for ISO 22301?

A few days ago I received the following question from one of our clients: “What is the difference between ISMS Risk Assessment and BCM Risk Assessment?” And, although the answer to this question might seem easy, in actuality it is not. Here’s the rest of his question: “… Because on …


Main changes in the new ISO 27002

Update 2013-09-25: This blog post was updated according to the final version of ISO 27002:2013, which was published on September 25, 2013. In my previous blog post I analyzed the changes between the old ISO 27001 (published in 2005) and the 2013 revision; naturally, controls from ISO 27001 Annex A …


ISO 27002 – What will the next revision bring?

It’s been six years since the last revision of ISO/IEC 27002 (in 2005) – much has changed in information security since then, and this standard definitely needs some “facelifting”. Since ISO 27002 is closely tied to ISO 27001, this revision has to be done simultaneously for both standards, and is …

Dejan Kosutic
Lead ISO 27001/22301 Expert, Advisera

