Show me desktop version
CALL US +1 (646) 759 9933

The ISO 27001 & ISO 22301 Blog

How to prepare for an ISO 27001 internal audit

Many people simply rush in to prepare a checklist and perform the ISO 27001 internal audit – the sooner this “needless” job is done, the better. But, such a rush will only create problems, and make the internal audit longer than necessary. So, let’s see what you have to prepare to …

Read More ...

Risk assessment vs. internal audit in ISO 27001 and ISO 22301

Quite often I see people searching for ISO 27001 or ISO 22301 checklists for performing the internal audit; however, they expect those checklists to help them with, e.g., which information does the organization have, who has access to it, how is it protected, how confidential is it, etc. The problem is – …

Read More ...

How to maintain the ISMS after the certification

If you thought that your job was over after the ISO 27001 certification, you’re wrong – the real job with your Information Security Management System (ISMS) has just begun. OK, but where do you start? The good news is that you already have all the directions in your documentation, but …

Read More ...

Major vs. minor nonconformities in the certification audit

If your company is considering going for the certification, it is always a good thing to know what to expect. Since nonconformities are one of the most important outcomes of the certification audit (and the most unpleasant), it is probably in your best interest to understand what they are all …

Read More ...

Chief Information Security Officer (CISO) – where does he belong in an org chart?

Companies that start implementing an information security program, or specifically ISO 27001, very soon realize that they cannot do it without a person who would coordinate and manage such activities. But then they face the following dilemmas: Who should this person be responsible to? In which department should this person …

Read More ...

5 ways to avoid overhead with ISO 27001 (and keep the costs down)

There are probably two main thoughts managers have when starting ISO 27001 implementation: (1) we’ll pay quite a lot of money for something we’re not sure is worth it; and (2) the annoyance of maintaining such a system will cost us even more. Yes, ISO 27001 does require an investment, …

Read More ...

BS 25999-2 implementation checklist

Your management has given you the task to implement business continuity, but you’re not really sure how to do it? Although it is not an easy task, you can use the BS 25999-2 methodology to make your life easier – here are the main steps necessary to implement this standard: …

Read More ...

Dilemmas with ISO 27001 & BS 25999-2 internal auditors

If this is the first time you have come across the notion of internal auditor, you are probably puzzled – Why would I need another control? Who is going to pay for it? Who should I employ to do it? It is such a waste of time… Well, it doesn’t …

Read More ...

Using ISO 9001 for implementing ISO 27001

You have already implemented ISO 9001? You have heard that ISO 27001 might be a good idea? But how can something that has to do with quality help you implement information security? It can, more than you may think. ISO 9001 specifies how the quality management systems (QMS) must look …

Read More ...
FREE ISO 27001/22301 CONSULTATION
Dejan Kosutic
Lead ISO 27001/22301 Expert, Advisera

GET FREE ADVICE

ISO 27001 & ISO 22301
Free Downloads

 

Upcoming free webinar
ISO 27001 implementation: How to make it easier using ISO 9001
Wednesday - April 26, 2017
Show posts:
Request callback
Request callback

Or call us directly

International calls
+1 (646) 759 9933