
The ISO 27001 & ISO 22301 Blog

What should you write in your Information Security Policy according to ISO 27001?

Content of an Information Security Policy is certainly one of the biggest myths related to ISO 27001 – very often the purpose of this document is misunderstood, and in many cases people tend to think they need to write everything about their security in this document. Well, this is not …


How detailed should the ISO 27001 documents be?

When starting to write a policy or a procedure, you’re probably puzzled as to how lengthy it should be. And the truth is, ISO 27001 (as well as other ISO standards like ISO 20000, ISO 9001, ISO 14001 and others) are very flexible in this respect. They basically allow you the freedom to …


Roles and responsibilities of top management in ISO 27001 and ISO 22301

Did you know that, in most cases, failure to implement ISO 27001 or ISO 22301 was directly related to the fact that top management did not want to assume their responsibilities for information security / business continuity in their companies? OK, you probably knew that. But, what are these responsibilities, …


One Information Security Policy, or several policies?

Very often I see questions on various forums on how to develop an Information Security Policy. Quite frankly, I don’t think it is a good idea to stuff all the security rules into a single document, and here’s why… Information security policy vs. ISMS Policy First of all, let’s clarify …


The documentation myth – Why the templates are not enough?

I noticed that many people running ISO 27001 projects who have downloaded documentation templates think “I have the templates now – the rest is easy. I’ll write a few documents, show them to the auditor, and it’ll be over in a few days”. Unfortunately, it’s not that easy. Here’s why: 1. …


Information security policy – how detailed should it be?

Quite often I see information security policies written in too much detail, trying to cover everything from strategic objectives to how many numerical digits a password should contain. The only problem with such policies is that they contain 50 or more pages, and – no one is really taking them …

Dejan Kosutic
Lead ISO 27001/22301 Expert, Advisera