How to become an ISO 27001 / ISO 22301 consultant
If you are thinking about a career change, becoming an independent consultant for ISO 27001 and/or ISO 22301 certainly sounds like an attractive option. But what do you need to know, and what do you need to...
Lead Auditor Course vs. Lead Implementer Course – Which one to go for?
If you are just entering the world of ISO 27001 or ISO 22301, you’re probably considering going for some training. This is certainly a good idea; however, which course is better for you – Lead...
Roles and responsibilities of top management in ISO 27001 and ISO 22301
Did you know that, in most cases, failure to implement ISO 27001 or ISO 22301 was directly related to the fact that top management did not want to assume their responsibilities for information security /...
Major vs. minor nonconformities in the certification audit
If your company is considering going for the certification, it is always a good thing to know what to expect. Since nonconformities are one of the most important outcomes of the certification audit (and the...
How to perform training & awareness for ISO 27001 and ISO 22301
Most of the information security/business continuity practitioners I speak with have the same problem: the employees in their companies don’t take them seriously – not only the top managers, but also their peers. This is...
Has the PDCA Cycle been removed from the new ISO standards?
Lately I’ve been receiving (too) many questions asking, “Why did the new revision of ISO 27001 cut out the PDCA cycle?” And, on first sight, you might be misled because the standard really doesn’t mention...
The most popular ISO 27001 & ISO 22301 blog posts
This is my 100th blog post! When I started this blog four years ago, I never dreamed I would have that many things to write about… And yet, the more I write, the more ideas...
Why is management review important for ISO 27001 and ISO 22301?
Like some other clauses in ISO 27001 and ISO 22301, clause 9.3, which defines requirements for management review, is one of the most misunderstood and most underappreciated elements of these standards. In practice, this review...
Setting the business continuity objectives in ISO 22301
Business continuity objectives are, along with the business impact analysis, probably one of the most difficult elements of ISO 22301 implementation. Most of the business continuity implementers have problems like these: Which types of objectives...
New book – Becoming Resilient: The Definitive Guide to ISO 22301 Implementation
As you may have heard, on December 19 I’ll publish my new book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation. So, if you are a business continuity practitioner looking for some tips on...
How to define activities when implementing business continuity according to ISO 22301
In several places in ISO 22301, it is required to define the activities within the company; not only this, activities are a basic unit upon which the business impact analysis is made. So what are...
NFPA 1600 vs. ISO 22301 – Similarities and differences
If you are a business continuity practitioner in the U.S., you’re probably wondering which standard to apply – NFPA 1600 or ISO 22301. After all, they are both business continuity standards, and they both have...
The purpose of Business continuity policy according to ISO 22301
Why would you need a Policy once you have Business impact analysis, Business continuity strategy and Business continuity plan? This is probably a question many experienced business continuity/disaster recovery practitioners are asking themselves, so here’s...
ISO 22301 vs. ISO 22313
I was quite skeptical when I started to read ISO 22313, the guidance standard on business continuity management, but I was proved to be wrong. It can be quite useful as a supplement to ISO...
Backup policy – How to determine backup frequency
Did you think that the frequency of backup is based on the IT manager’s whims? Or, perhaps, based on the least expensive solution? Well, you are wrong. Backup policy, or to be precise – the...
5 criteria for choosing an ISO 22301 / ISO 27001 consultant
If you’re implementing ISO 27001 or ISO 22301 for the first time, you’re probably considering hiring a consultant to help you. But, which consultant should you hire, what are the potential problems, and how much...
ISO 22301 vs. BS 25999-2 – An Infographic
A new business continuity standard (ISO 22301) was published very recently, so I’ve decided to compare this new standard with the old BS 25999-2 standard. Feel free to add comments below!
Who are interested parties, and how can you identify them according to ISO 27001 and ISO 22301?
Updated: November 17, 2022. One of the hot questions these days is related to clause 4.2 in both ISO 27001 and ISO 22301 – Understanding the needs and expectations of interested parties. Actually, their identification is...
RTO and RPO: What is the difference between Recovery Time Objective and Recovery Point Objective?
Updated: December 13, 2023. When developing Business Continuity Plans (BCPs) or Disaster Recovery Plans (DRPs), two terms appear quite often: Recovery Time Objective (RTO) and Recovery Point Objective (RPO). While paramount to the definition of...