Comparison of SOC 2 and ISO 27001 certification
Rhand Leal
Updated: December 12, 2022., according to ISO 27001:2022 revision. All over the world, customers are becoming more and more concerned...
Updated: December 12, 2022., according to ISO 27001:2022 revision. All over the world, customers are becoming more and more concerned about how vendors working for them can affect their results. As a consequence, they increasingly...
Comparison of HIPAA compliance and ISO 27001 certification
Update 2022-04-25. All over the world, organizations in the healthcare industry are becoming more and more interested in protecting their...
Update 2022-04-25. All over the world, organizations in the healthcare industry are becoming more and more interested in protecting their patients’ information; but, in the United States, this need goes back to 1996, with the...
A success story about implementation of ISO 27001 and 9001: How online platform Doccle did it
Marja Colak
Is it possible for a SaaS company to implement ISO standards, and how and why should SaaS companies get certified?...
Is it possible for a SaaS company to implement ISO standards, and how and why should SaaS companies get certified? On your way to success, this is an important step, and this is just what...
How can ISO 27001 help you comply with SOX section 404
A number of high-profile corporate and accounting scandals collapsed several big players like Enron and WorldCom, and played havoc on...
A number of high-profile corporate and accounting scandals collapsed several big players like Enron and WorldCom, and played havoc on global investment market. In the wake of these scandals, U.S. SOX law was introduced to...
How to perform an ISO 27001 second-party audit of an outsourced supplier
To focus on their core business, many organizations rely on outsourced suppliers to perform support processes. While this approach may...
To focus on their core business, many organizations rely on outsourced suppliers to perform support processes. While this approach may bring benefits like costs savings, and access to expert knowledge and state-of-the-art technology, it can...
Should information security focus on asset protection, compliance, or corporate governance?
Dejan Kosutic
Traditionally, information security has been perceived as an activity that was built around protecting sensitive information assets – after all,...
Traditionally, information security has been perceived as an activity that was built around protecting sensitive information assets – after all, this is what the first (2005) revision of ISO 27001, and its predecessor BS 7799-2,...
How two-factor authentication enables compliance with ISO 27001 access controls
Access control is one of the cornerstones of security. If you cannot control who access what, you cannot ensure security...
Access control is one of the cornerstones of security. If you cannot control who access what, you cannot ensure security at all. Because of that, access control stays in the main focus of security teams...
Does ISO 27001 implementation satisfy EU GDPR requirements?
Carla Bouca
Lately, I’ve been asked questions like: “If ISO 27001 is implemented in my organization, will it fully comply with European General...
Lately, I’ve been asked questions like: “If ISO 27001 is implemented in my organization, will it fully comply with European General Data Protection Regulation (EU GDPR) requirements?” and “Our company is ISO 27001 certified. Are we...
The blessing of continuous improvement in ISO 22301
Wolfgang Mahr
As with any other ISO management standard, not improving is not an option in ISO 22301. Best results can be...
As with any other ISO management standard, not improving is not an option in ISO 22301. Best results can be achieved if improvements are applied to different aspects of the BCM approach. What improvement area...
ISO 27001 Internal Auditor training – Is it good for my career?
With business processes under constant pressure from management, customers, and other interested parties, to protect information exactly as requested, by...
With business processes under constant pressure from management, customers, and other interested parties, to protect information exactly as requested, by means of technical specifications, legal requirements, or business objectives, and the greater complexity and sophistication...
Key performance indicators for an ISO 27001 ISMS
Think about a medical exam. Our objective is for the physician to tell us that our health is ok and...
Think about a medical exam. Our objective is for the physician to tell us that our health is ok and that we’ll live a long life, right? And how does the physician evaluate our health...
What Can War Teach Us About Mainframe Security?
Vaune M. Carr
The mainframe environment, or Big Iron, continues to grow at a rate of about 5% per year according to recent...
The mainframe environment, or Big Iron, continues to grow at a rate of about 5% per year according to recent predictions. While experts have historically considered the Mainframe to be the safest environment from a...
Who are interested parties, and how can you identify them according to ISO 27001 and ISO 22301?
Updated: November 17, 2022. One of the hot questions these days is related to clause 4.2 in both ISO 27001 and...
Updated: November 17, 2022. One of the hot questions these days is related to clause 4.2 in both ISO 27001 and ISO 22301 – Understanding the needs and expectations of interested parties. Actually, their identification is...
