Show me desktop version

The ISO 27001 & ISO 22301 Blog

How to perform an ISO 27001 second-party audit of an outsourced supplier

To focus on their core business, many organizations rely on outsourced suppliers to perform support processes. While this approach may bring benefits like costs savings, and access to expert knowledge and state-of-the-art technology, it can also involve risks related to loss of control over how these processes are performed and …

Read More ...

ISO 27001 vs. Cyber Essentials: Similarities and differences

In the Internet environment, big, medium, and small businesses all face similar risks, and many regulatory demands enforce information protection, but differences in resources and knowledge often result in data breaches because of the failure to implement basic security measures. To help handle such situations, the government in the United …

Read More ...

7 ways to improve the internal audits of your ISO 27001 ISMS

ISO 27001:2013 states that the purpose of the internal audit is to check compliance against both “the organization’s own requirements … and the requirements of this International Standard.” Aside from being a necessity of the standard, internal audits are important for several other reasons: Internal audits identify and rectify any …

Read More ...

How to gain employee buy-in when implementing cybersecurity according to ISO 27001

In the majority of organizations, change is embraced by senior management, but feared by employees. In the case of implementing ISO 27001, a committed senior management team (SMT) can understand clearly the benefits that an Information Security Management System (ISMS) will bring, such as decreased risk of business disruption, enhanced …

Read More ...

Which security clauses to use for supplier agreements?

Running a business on your own these days is practically impossible. Maintaining high levels of performance in every aspect of your business to stay competitive means draining precious resources that would be better invested in business growth and diversification. Thus, using suppliers becomes an attractive alternative. But, while suppliers are …

Read More ...

Defining the ISMS scope if the servers are in the cloud

In the article How to define the ISMS scope we show that scope definition of an Information Security Management System (ISMS) requires clear understanding about what to protect to minimize risks of information compromise, and servers implemented in cloud environments are an extra challenge in this critical step of the …

Read More ...

Case study: ISO 27001 implementation in an IT system integrator company

For any major change in our lives, whether professional or personal, there are questions that come up before taking the first step. Here are just a few of the questions that you may face before making the decision to implement the ISO 27001 standard: Why do we need the certification? Where …

Read More ...

How ISO 27001 can help suppliers comply with U.S. DFARS 7012

DFARS 7012 is an example of how customers’ concerns about protecting their information in the custody of suppliers and outsourced services has led to the establishment of ever more complex security requirements for those who wish to work with them. And, this increase in customer compliance demands has also increased …

Read More ...

The 3 key challenges of ISO 27001 implementation for SMEs

With thousands of organizations certified against ISO 27001, and hundreds of others working according to the principles, organizations recognize the benefits of implementing an Information Security Management System. From helping to maintain legal and regulatory compliance, to demonstrating credibility and trust to customers, to reducing the likelihood of a security …

Read More ...

How to demonstrate resource provision in ISO 27001

The availability of resources is a critical point in any endeavor. You can have the best ideas and the best intentions, but if you lack resources you are doomed to failure. So, it may seem strange that ISO 27001, the leading ISO standard for implementation of Information Security Management Systems, …

Read More ...

What to implement first: ISO 22301 or ISO 27001?

Implementing ISO management system standards, even with the help of toolkits and consultants, may be a challenging task. In practice, sometimes it seems appropriate to enhance preparedness and protection in several areas of an organization, covering multiple processes and disciplines. While a security-oriented approach demanding an immediate protection from a …

Read More ...

Should information security focus on asset protection, compliance, or corporate governance?

Traditionally, information security has been perceived as an activity that was built around protecting sensitive information assets – after all, this is what the first (2005) revision of ISO 27001, and its predecessor BS 7799-2, also emphasized. These standards required companies to identify all the assets, and then build the …

Read More ...

Qualitative vs. quantitative risk assessments in information security: Differences and similarities

In the risk assessment process, one common question asked by organizations is whether to go with a quantitative or a qualitative approach. The good news is that by using both approaches you can, in fact, improve your process efficiency towards achieving desired security levels. This article will present the concepts …

Read More ...

Business Continuity Management vs. Information Security vs. IT Disaster Recovery

For outsiders, it’s not easy to distinguish among the specific purposes of Business Continuity Management (BCM), Information Security (IS), and IT Disaster Recovery (IT DR). All three areas have something to do with “security,” “losses,” “disasters,” and “protection.” Read on to learn more about the particular roles of disciplines often …

Read More ...
FREE ISO 27001/22301 CONSULTATION
Dejan Kosutic
Lead ISO 27001/22301 Expert, Advisera

GET FREE ADVICE

ISO 27001 & ISO 22301
Free Downloads

 

Upcoming free webinar
ISO 27001 implementation: How to make it easier using ISO 9001
Wednesday - October 25, 2017
Show posts:

OUR CLIENTS

OUR PARTNERS

  • Exemplar Global (formerly RABQSA) is leading international authority in certification of training providers.
  • ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.
  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.
Request callback
Request callback

Or call us directly

International calls
+1 (646) 759 9933