CISA vs. ISO 27001 Lead Auditor certification
In a previous post, I talked about personal certifications helping the organization to comply with ISO 27001 clause 7.2 (see this post How personal certificates can help your company’s ISMS). In today’s post, I will show...
How to structure the documents for ISO 27001 Annex A controls
Updated: April 19, 2023, according to the ISO 27001 2022 revision. Once you’ve finished your risk assessment and treatment, it is time for you to start writing documents that describe your security controls according to...
How to create a Communication Plan according to ISO 27001
Communicating is a key activity for any human being. This is also the case for an organization. It helps through exchanging the most correct information to the best audience and at the best moment. It...
Roles and responsibilities of top management in ISO 27001 and ISO 22301
Did you know that, in most cases, failure to implement ISO 27001 or ISO 22301 was directly related to the fact that top management did not want to assume their responsibilities for information security /...
Why is management review important for ISO 27001 and ISO 22301?
Like some other clauses in ISO 27001 and ISO 22301, clause 9.3, which defines requirements for management review, is one of the most misunderstood and most underappreciated elements of these standards. In practice, this review...
ISO 27001 Case study for data centers: An interview with Goran Djoreski
DK: More than a year and a half has passed since you were certified by ISO 27001 – what are your impressions? Was it really worth it? GD: It was definitely worth it, since it...
How to address main concerns with ISO 27001 implementation
Last week I delivered two webinars on the topic of ISO 27001, and I have asked the attendees to send me their top concerns regarding ISO 27001 implementation before those webinars. I’ve summarized most common...
One Information Security Policy, or several policies?
Very often I see questions on various forums on how to develop an Information Security Policy. Quite frankly, I don’t think it is a good idea to stuff all the security rules into a single...
5 ways to avoid overhead with ISO 27001 (and keep the costs down)
There are probably two main thoughts managers have when starting ISO 27001 implementation: (1) we’ll pay quite a lot of money for something we’re not sure is worth it; and (2) the annoyance of maintaining...
ISO 27001 control objectives – Why are they important?
Note: this article was updated according to the 2013 version of ISO 27001. Peter Drucker (one of the most influential thinkers on the subject of management theory) said “What gets measured gets managed”. The same goes...