Show me desktop version

The ISO 27001 & ISO 22301 Blog

Records management in ISO 27001 and ISO 22301

In the beginning of ISO 27001 or ISO 22301 implementation, records might seem like one of those bureaucratic requirements of these standards with no real purpose, and that will only take up your time. However, chances are you already have many records that can be used, and the ones you’ll have to …

Read More ...

Will a piece of paper stop the attackers?

There are many skeptics who do not believe ISO 27001 can help protect their information and/or information systems; one of their main arguments is: “Writing a policy or a procedure surely won’t help against someone who wants to steal your information.” And I agree with them – simply writing a …

Read More ...

How to structure the documents for ISO 27001 Annex A controls

Once you’ve finished your risk assessment and treatment, it is time for you to start writing documents that describe your security controls according to ISO 27001 Annex A. But, which documents should you write? How do you structure them? Which one do you begin with? Here’s what I found to be …

Read More ...

When to use tools for ISO 27001/ISO 22301 and when to avoid them

If you’re starting to implement complex standards like ISO 27001 or ISO 22301, you’re probably looking for a way to make your job easier. Who wouldn’t? After all, reinventing the wheel doesn’t sound like a very interesting job. So, you start looking for some tool to help you with these information …

Read More ...

How detailed should the ISO 27001 documents be?

When starting to write a policy or a procedure, you’re probably puzzled as to how lengthy it should be. And the truth is, ISO 27001 (as well as other ISO standards like ISO 20000, ISO 9001, ISO 14001 and others) are very flexible in this respect. They basically allow you the freedom to …

Read More ...

8 criteria to decide which ISO 27001 policies and procedures to write

If you’re just starting to implement ISO 27001 in your company, you’re probably in a dilemma as to how many documents you need to have, and whether to write certain policies and procedures or not. Criteria for deciding what to document Well, the first step is easy – you need to check …

Read More ...

How to maintain the ISMS after the certification

If you thought that your job was over after the ISO 27001 certification, you’re wrong – the real job with your Information Security Management System (ISMS) has just begun. OK, but where do you start? The good news is that you already have all the directions in your documentation, but …

Read More ...

A first look at the new ISO 27001

Update 2013-09-25: This blog post was updated according to the final version of ISO 27001:2013 that was published on September 25, 2013. When I heard the news that the DIS (draft) version of ISO 27001:2013 is available, I was very impatient to read it. When compared to the old ISO/IEC …

Read More ...

5 ways to avoid overhead with ISO 27001 (and keep the costs down)

There are probably two main thoughts managers have when starting ISO 27001 implementation: (1) we’ll pay quite a lot of money for something we’re not sure is worth it; and (2) the annoyance of maintaining such a system will cost us even more. Yes, ISO 27001 does require an investment, …

Read More ...

The documentation myth – Why the templates are not enough?

I noticed that many people running ISO 27001 projects who have downloaded documentation templates think “I have the templates now – the rest is easy. I’ll write a few documents, show them to auditor, and it’ll be over in a few days”. Unfortunately, it’s not that easy. Here’s why: 1. …

Read More ...

Document management in ISO 27001 & BS 25999-2

Why is it that ISO 27001 and BS 25999-2 put such an emphasis on the control of documents? Both standards define very strictly how the documents must be managed, and require that the organization must have a documented procedure for managing documents – even worse, you won’t get certified unless …

Read More ...

Using ISO 9001 for implementing ISO 27001

You have already implemented ISO 9001? You have heard that ISO 27001 might be a good idea? But how can something that has to do with quality help you implement information security? It can, more than you may think. ISO 9001 specifies how the quality management systems (QMS) must look …

Read More ...

ISO 27001 & ISO 22301
Free Downloads

 

Upcoming free webinar
ISO 27001 & ISO 22301: Why is it better to implement them together?
Wednesday - March 1, 2017
Show posts:
Request callback
Request callback

Or call us directly

International calls
+1 (646) 759 9933