Records management in ISO 27001 and ISO 22301
In the beginning of ISO 27001 or ISO 22301 implementation, records might seem like one of those bureaucratic requirements of these standards with no real purpose, and that will only take up your time. However, chances are...
Will a piece of paper stop the attackers?
There are many skeptics who do not believe ISO 27001 can help protect their information and/or information systems; one of their main arguments is: “Writing a policy or a procedure surely won’t help against someone...
How to structure the documents for ISO 27001 Annex A controls
Updated: April 19, 2023, according to the ISO 27001 2022 revision. Once you’ve finished your risk assessment and treatment, it is time for you to start writing documents that describe your security controls according to...
How detailed should the ISO 27001 documents be?
When starting to write a policy or a procedure, you’re probably puzzled as to how lengthy it should be. And the truth is, ISO 27001 (as well as other ISO standards like ISO 20000, ISO 9001, ISO...
8 criteria to decide which ISO 27001 policies and procedures to write
If you’re just starting to implement ISO 27001 in your company, you’re probably in a dilemma as to how many documents you need to have, and whether to write certain policies and procedures or not. Criteria for...
How to maintain the ISMS after the certification
If you thought that your job was over after the ISO 27001 certification, you’re wrong – the real job with your Information Security Management System (ISMS) has just begun. OK, but where do you start?...
A first look at the new ISO 27001
Update 2013-09-25: This blog post was updated according to the final version of ISO 27001:2013 that was published on September 25, 2013. When I heard the news that the DIS (draft) version of ISO 27001:2013...
5 ways to avoid overhead with ISO 27001 (and keep the costs down)
There are probably two main thoughts managers have when starting ISO 27001 implementation: (1) we’ll pay quite a lot of money for something we’re not sure is worth it; and (2) the annoyance of maintaining...
The documentation myth – Why the templates are not enough?
I noticed that many people running ISO 27001 projects who have downloaded documentation templates think “I have the templates now – the rest is easy. I’ll write a few documents, show them to auditor, and...
Document management in ISO 27001 & BS 25999-2
Why is it that ISO 27001 and BS 25999-2 put such an emphasis on the control of documents? Both standards define very strictly how the documents must be managed, and require that the organization must...
Using ISO 9001 for implementing ISO 27001
You have already implemented ISO 9001? You have heard that ISO 27001 might be a good idea? But how can something that has to do with quality help you implement information security? It can, more...
List of mandatory documents according to the ISO 27001 2022 revision
Updated: November 28, 2022, according to the changes in ISO 27001:2022 revision. If you have ever wondered what documents are mandatory in the 2022 revision of ISO/IEC 27001, here is the list you need. Below,...