Comparison of SOC 2 and ISO 27001 certification
Updated: December 12, 2022, according to the ISO 27001:2022 revision. All over the world, customers are becoming more and more concerned about how vendors working for them can affect their results. As a consequence, they increasingly...
Comparison of HIPAA compliance and ISO 27001 certification
Update 2022-04-25. All over the world, organizations in the healthcare industry are becoming more and more interested in protecting their patients’ information; but, in the United States, this need goes back to 1996, with the...
A success story about implementation of ISO 27001 and 9001: How online platform Doccle did it
Is it possible for a SaaS company to implement ISO standards, and how and why should SaaS companies get certified? On your way to success, this is an important step, and this is just what...
How can ISO 27001 help you comply with SOX section 404
A number of high-profile corporate and accounting scandals brought down several big players like Enron and WorldCom, and played havoc with the global investment market. In the wake of these scandals, the U.S. SOX law was introduced to...
How to perform an ISO 27001 second-party audit of an outsourced supplier
To focus on their core business, many organizations rely on outsourced suppliers to perform support processes. While this approach may bring benefits like cost savings and access to expert knowledge and state-of-the-art technology, it can...
Should information security focus on asset protection, compliance, or corporate governance?
Traditionally, information security has been perceived as an activity that was built around protecting sensitive information assets – after all, this is what the first (2005) revision of ISO 27001, and its predecessor BS 7799-2,...
How two-factor authentication enables compliance with ISO 27001 access controls
Access control is one of the cornerstones of security. If you cannot control who accesses what, you cannot ensure security at all. Because of that, access control remains in the main focus of security teams...
Does ISO 27001 implementation satisfy EU GDPR requirements?
Lately, I’ve been asked questions like: “If ISO 27001 is implemented in my organization, will it fully comply with European General Data Protection Regulation (EU GDPR) requirements?” and “Our company is ISO 27001 certified. Are we...
The blessing of continuous improvement in ISO 22301
As with any other ISO management standard, not improving is not an option in ISO 22301. Best results can be achieved if improvements are applied to different aspects of the BCM approach. What improvement area...
ISO 27001 Internal Auditor training – Is it good for my career?
With business processes under constant pressure from management, customers, and other interested parties, to protect information exactly as requested, by means of technical specifications, legal requirements, or business objectives, and the greater complexity and sophistication...