Show me desktop version
CALL US 1-888-553-2256
United States

The ISO 27001 & ISO 22301 Blog

Where does information security fit into a company?

Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate from it, part of some compliance or risk department, etc. But, before we determine who should be handling information security and from which organizational unit, let’s see first the conceptual …

Read More ...

How to document roles and responsibilities according to ISO 27001

Information security professionals who are new in ISO 27001 very often tend to think this standard requires a very centralized and very detailed definition of roles and responsibilities. Actually, this is not true. Please don’t get me wrong: assigning and communicating roles and responsibilities is important, because that is how all employees in …

Read More ...

Who should be your project manager for ISO 27001/ISO 22301?

If you’re planning to start your ISO 27001 and/or ISO 22301 project, you’re probably wondering who could lead such a complex project – what type of person do you need, with which authorities, and should you go with someone in-house or someone from the outside? First of all, don’t even …

Read More ...

How to perform training & awareness for ISO 27001 and ISO 22301

Most of the information security/business continuity practitioners I speak with have the same problem: the employees in their companies don’t take them seriously – not only the top managers, but also their peers. This is due to the fact that the employees usually do not understand what information security or …

Read More ...

Chief Information Security Officer (CISO) – where does he belong in an org chart?

Companies that start implementing an information security program, or specifically ISO 27001, very soon realize that they cannot do it without a person who would coordinate and manage such activities. But then they face the following dilemmas: Who should this person be responsible to? In which department should this person …

Read More ...
Dejan Kosutic
Lead ISO 27001/22301 Expert, Advisera


ISO 27001 & ISO 22301
Free Downloads


Upcoming free webinar
Writing a business continuity plan according to ISO 22301
Wednesday - March 28, 2018
Show posts:



  • Exemplar Global (formerly RABQSA) is leading international authority in certification of training providers.
  • ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.
  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.
Request callback
Request callback

Or call us directly

International calls
+1 (646) 759 9933