
The ISO 27001 & ISO 22301 Blog

Dejan Kosutic

Where does information security fit into a company?

Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate from it, part of some compliance or risk department, etc. But, before we determine who should be handling information security and from which organizational unit, let’s see first the conceptual …

Dejan Kosutic

How to document roles and responsibilities according to ISO 27001

Information security professionals who are new to ISO 27001 very often assume that the standard requires a very centralized and very detailed definition of roles and responsibilities. Actually, this is not true. Please don’t get me wrong: assigning and communicating roles and responsibilities is important, because that is how all employees in …

Dejan Kosutic

Who should be your project manager for ISO 27001/ISO 22301?

If you’re planning to start your ISO 27001 and/or ISO 22301 project, you’re probably wondering who could lead such a complex project: what type of person do you need, what authority should they have, and should you go with someone in-house or someone from the outside? First of all, don’t even …

Dejan Kosutic

How to perform training & awareness for ISO 27001 and ISO 22301

Most of the information security/business continuity practitioners I speak with have the same problem: the employees in their companies don’t take them seriously, not only the top managers, but also their peers. This is because employees usually do not understand what information security or …

Dejan Kosutic

Chief Information Security Officer (CISO) – where does the CISO belong in an org chart?

Companies that start implementing an information security program, or specifically ISO 27001, very soon realize that they cannot do it without a person who coordinates and manages such activities. But then they face the following dilemmas: To whom should this person report? In which department should this person …
