How to perform an ISO 27001 second-party audit of an outsourced supplier
To focus on their core business, many organizations rely on outsourced suppliers to perform support processes. While this approach may bring benefits like cost savings, and access to expert knowledge and state-of-the-art technology, it can...
7 ways to improve the internal audits of your ISO 27001 ISMS
ISO 27001:2013 states that the purpose of the internal audit is to check compliance against both “the organization’s own requirements … and the requirements of this International Standard.” Aside from being a necessity of the...
How to prepare for an ISO 27001 internal audit
Many people simply rush in to prepare a checklist and perform the ISO 27001 internal audit – the sooner this “needless” job is done, the better. But, such a rush will only create problems, and make...
How to maintain the ISMS after the certification
If you thought that your job was over after the ISO 27001 certification, you’re wrong – the real job with your Information Security Management System (ISMS) has just begun. OK, but where do you start?...
Major vs. minor nonconformities in the certification audit
If your company is considering going for the certification, it is always a good thing to know what to expect. Since nonconformities are one of the most important outcomes of the certification audit (and the...
Chief Information Security Officer (CISO) – where does he belong in an org chart?
Companies that start implementing an information security program, or specifically ISO 27001, very soon realize that they cannot do it without a person who would coordinate and manage such activities. But then they face the...