How to perform an ISO 27001 second-party audit of an outsourced supplier
To focus on their core business, many organizations rely on outsourced suppliers to perform support processes. While this approach may bring benefits like cost savings and access to expert knowledge and state-of-the-art technology, it can...
7 ways to improve the internal audits of your ISO 27001 ISMS
ISO 27001:2013 states that the purpose of the internal audit is to check compliance against both “the organization’s own requirements … and the requirements of this International Standard.” Aside from being a necessity of the...
How to prepare for an ISO 27001 internal audit
Many people simply rush in to prepare a checklist and perform the ISO 27001 internal audit – the sooner this “needless” job is done, the better. But such a rush will only create problems, and make...
How to maintain the ISMS after the certification
If you thought that your job was over after the ISO 27001 certification, you’re wrong – the real job with your Information Security Management System (ISMS) has just begun. OK, but where do you start?...
Major vs. minor nonconformities in the certification audit
If your company is considering going for the certification, it is always a good thing to know what to expect. Since nonconformities are one of the most important outcomes of the certification audit (and the...
Chief Information Security Officer (CISO) – where does he belong in an org chart?
Companies that start implementing an information security program, or specifically ISO 27001, very soon realize that they cannot do it without a person who would coordinate and manage such activities. But then they face the...
5 ways to avoid overhead with ISO 27001 (and keep the costs down)
There are probably two main thoughts managers have when starting ISO 27001 implementation: (1) we’ll pay quite a lot of money for something we’re not sure is worth it; and (2) the annoyance of maintaining...
BS 25999-2 implementation checklist
Your management has given you the task to implement business continuity, but you’re not really sure how to do it? Although it is not an easy task, you can use the BS 25999-2 methodology to...
Dilemmas with ISO 27001 & BS 25999-2 internal auditors
If this is the first time you have come across the notion of internal auditor, you are probably puzzled – Why would I need another control? Who is going to pay for it? Who should...
Using ISO 9001 for implementing ISO 27001
You have already implemented ISO 9001? You have heard that ISO 27001 might be a good idea? But how can something that has to do with quality help you implement information security? It can, more...
How to become ISO 27001 Lead Auditor
Updated: November 14, 2022. Many people think that just by attending the ISO 27001 Lead Auditor Course they have become the ISO 27001 Lead Auditor. Well, this is not entirely true. This article will show the...