ISO 27001 in the banking industry: “One standard to rule them all”
Tom van der Stoop
Why should banks go with ISO 27001? If you know the “Lord of the Rings” saga, the headline of this...
Why should banks go with ISO 27001? If you know the “Lord of the Rings” saga, the headline of this article probably sounds familiar. “One ring to rule them all” refers to the magic ring...
How to demonstrate resource provision in ISO 27001
Rhand Leal
The availability of resources is a critical point in any endeavor. You can have the best ideas and the best...
The availability of resources is a critical point in any endeavor. You can have the best ideas and the best intentions, but if you lack resources you are doomed to failure. So, it may seem...
How to identify ISMS requirements of interested parties in ISO 27001
“If you do not know where you’re going, you’re unlikely to end there.” This saying from the title character in...
“If you do not know where you’re going, you’re unlikely to end there.” This saying from the title character in the movie Forrest Gump describes perfectly why many projects fail: lack of clear requirements. Definition...
What does ISO 27001 Lead Implementer training look like?
Nina Ugrinoska
The ISMS (Information Security Management System) plays a very important role in every business these days. Since implementation of the...
The ISMS (Information Security Management System) plays a very important role in every business these days. Since implementation of the ISMS can be a complex process (and usually differs in each industry sector), in order...
Segregation of duties in your ISMS according to ISO 27001 A.6.1.2
Today’s automated solutions and information and communication technologies allow a few people to handle a great deal of information and...
Today’s automated solutions and information and communication technologies allow a few people to handle a great deal of information and processes (e.g., stock exchange operators and air traffic controllers). While this is good to improve...
What does ISO 27001 Lead Auditor training look like?
Updated: August 20, 2023. In the last four years I’ve been preparing and presenting a lot of trainings for ISO...
Updated: August 20, 2023. In the last four years I’ve been preparing and presenting a lot of trainings for ISO 27001 Lead Auditor. At the end, participants understand that this is just the beginning of the...
What is an Information Security Management System (ISMS)?
Dejan Kosutic
Updated: November 8, 2023. If you’re working with ISO 27001, you’ve surely came across the term “Information Security Management System”...
Updated: November 8, 2023. If you’re working with ISO 27001, you’ve surely came across the term “Information Security Management System” or ISMS. Pretty vague term, isn’t it? In the following article, we will give you...
Key performance indicators for an ISO 27001 ISMS
Think about a medical exam. Our objective is for the physician to tell us that our health is ok and...
Think about a medical exam. Our objective is for the physician to tell us that our health is ok and that we’ll live a long life, right? And how does the physician evaluate our health...
How to manage changes in an ISMS according to ISO 27001 A.12.1.2
Antonio Jose Segovia
Changes are necessary in the information technology sector, mainly because every so often it is necessary to update servers, systems,...
Changes are necessary in the information technology sector, mainly because every so often it is necessary to update servers, systems, etc. But risks (seen from an information security point of view) arise when changes are...
ISO 27001 Certification: What’s next after receiving the audit report?
For those who already run a management system, like an ISMS based on ISO 27001, the certification audit event is already...
For those who already run a management system, like an ISMS based on ISO 27001, the certification audit event is already known: the auditor arrives, performs the audit opening, evaluates processes and records, states the result,...
CISA vs. ISO 27001 Lead Auditor certification
In a previous post, I talked about personal certifications helping the organization to comply with ISO 27001 clause 7.2 (see this...
In a previous post, I talked about personal certifications helping the organization to comply with ISO 27001 clause 7.2 (see this post How personal certificates can help your company’s ISMS). In today’s post, I will show...
How to structure the documents for ISO 27001 Annex A controls
Updated: April 19, 2023, according to the ISO 27001 2022 revision. Once you’ve finished your risk assessment and treatment, it...
Updated: April 19, 2023, according to the ISO 27001 2022 revision. Once you’ve finished your risk assessment and treatment, it is time for you to start writing documents that describe your security controls according to...
How to create a Communication Plan according to ISO 27001
Jean-Luc Allard
Communicating is a key activity for any human being. This is also the case for an organization. It helps through...
Communicating is a key activity for any human being. This is also the case for an organization. It helps through exchanging the most correct information to the best audience and at the best moment. It...
Roles and responsibilities of top management in ISO 27001 and ISO 22301
Did you know that, in most cases, failure to implement ISO 27001 or ISO 22301 was directly related to the...
Did you know that, in most cases, failure to implement ISO 27001 or ISO 22301 was directly related to the fact that top management did not want to assume their responsibilities for information security /...
Why is management review important for ISO 27001 and ISO 22301?
Like some other clauses in ISO 27001 and ISO 22301, clause 9.3, which defines requirements for management review, is one...
Like some other clauses in ISO 27001 and ISO 22301, clause 9.3, which defines requirements for management review, is one of the most misunderstood and most underappreciated elements of these standards. In practice, this review...
ISO 27001 Case study for data centers: An interview with Goran Djoreski
DK: More than a year and a half has passed since you were certified by ISO 27001 – what are...
DK: More than a year and a half has passed since you were certified by ISO 27001 – what are your impressions? Was it really worth it? GD: It was definitely worth it, since it...
How to address main concerns with ISO 27001 implementation
Last week I delivered two webinars on the topic of ISO 27001, and I have asked the attendees to send...
Last week I delivered two webinars on the topic of ISO 27001, and I have asked the attendees to send me their top concerns regarding ISO 27001 implementation before those webinars. I’ve summarized most common...
One Information Security Policy, or several policies?
Very often I see questions on various forums on how to develop an Information Security Policy. Quite frankly, I don’t...
Very often I see questions on various forums on how to develop an Information Security Policy. Quite frankly, I don’t think it is a good idea to stuff all the security rules into a single...
5 ways to avoid overhead with ISO 27001 (and keep the costs down)
There are probably two main thoughts managers have when starting ISO 27001 implementation: (1) we’ll pay quite a lot of...
There are probably two main thoughts managers have when starting ISO 27001 implementation: (1) we’ll pay quite a lot of money for something we’re not sure is worth it; and (2) the annoyance of maintaining...
ISO 27001 control objectives – Why are they important?
Note: this article was updated according the 2013 version of ISO 27001 Peter Drucker (one of the most influential thinkers...
Note: this article was updated according the 2013 version of ISO 27001 Peter Drucker (one of the most influential thinkers on the subject of management theory) said “What gets measured gets managed”. The same goes...
