Show me desktop version

The ISO 27001 & ISO 22301 Blog

3 strategic options to implement any ISO standard

If you’re considering the implementation of ISO 27001, ISO 9001, ISO 14001, ISO 20000, or any other ISO management standard, you’re probably overwhelmed with various approaches on how to start and finish such project successfully. In my opinion, there are three basic options to implement these standards: (1) do it …

Read More ...

Accreditation vs. certification vs. registration in the ISO world

Things with ISO standards can get really complicated: there are many ISO management standards – the most popular ones are ISO 9001, ISO 14001, ISO 27001, ISO 22301, ISO 20000, etc. – and there are a multitude of ways to get accredited/certified/registered related to those standards. But, that’s not all …

Read More ...

How to implement integrated management systems

Recently, we saw the release of new versions of two of the best-known ISO standards: ISO 9001 (requirements for Quality Management Systems) and ISO 14001 (requirements for Environmental Management Systems). Like ISO 22301 and ISO 27001:2013, these standards follow a similar structure, based on Annex SL, Appendix 2 of ISO/IEC Directives (for more …

Read More ...

Infographic: The brain of an ISO auditor – What to expect at a certification audit

  If your company is going for the ISO certification (e.g., ISO 9001, ISO 14001, OHSAS 18001, ISO 20000, ISO 22000, ISO 22301, or ISO 27001), you’re probably not very happy about it – certification auditors are usually perceived as persons who are not very open minded and who will …

Read More ...

Explanation of the basic terminology in ISO standards

Updated 2015-12-11: Number of mandatory clauses When I deliver various trainings for ISO 27001 and ISO 22301, it always turns out that one of the hottest topics is about which policies and procedures need to be documented, and which do not. Of course, there are some other heated discussions as well, …

Read More ...

Records management in ISO 27001 and ISO 22301

In the beginning of ISO 27001 or ISO 22301 implementation, records might seem like one of those bureaucratic requirements of these standards with no real purpose, and that will only take up your time. However, chances are you already have many records that can be used, and the ones you’ll have to …

Read More ...

How detailed should the ISO 27001 documents be?

When starting to write a policy or a procedure, you’re probably puzzled as to how lengthy it should be. And the truth is, ISO 27001 (as well as other ISO standards like ISO 20000, ISO 9001, ISO 14001 and others) are very flexible in this respect. They basically allow you the freedom to …

Read More ...

Major vs. minor nonconformities in the certification audit

If your company is considering going for the certification, it is always a good thing to know what to expect. Since nonconformities are one of the most important outcomes of the certification audit (and the most unpleasant), it is probably in your best interest to understand what they are all …

Read More ...

Has the PDCA Cycle been removed from the new ISO standards?

Lately I’ve been receiving (too) many questions asking, “Why did the new revision of ISO 27001 cut out the PDCA cycle?” And, on first sight, you might be misled because the standard really doesn’t mention the Plan-Do-Check-Act cycle explicitly; but, you should read the standard a bit more carefully… Annex …

Read More ...

Is the ISO 27001 Manual really necessary?

Sometimes I receive questions on whether the ISO 27001 Manual is required by the standard, and how to write it. I even lost some potential clients because I told them that we do not have such a document and that we do not recommend it. Even worse, I heard some …

Read More ...

Practical use of corrective actions for ISO 27001 and ISO 22301

Is your company one of those that has no idea what the purpose of corrective actions is? Do you prepare your corrective actions only a couple of days prior to your certification audit? And do you think corrective actions are one of those requirements of ISO 27001/ISO 22301 with no …

Read More ...

Is ISO 27001 among the top ISO standards?

Do you know which ISO standards are the most popular? And whether ISO 27001 is among the most popular? There is both good and bad news for information security enthusiasts – ISO 27001 really is among the most popular, but it is insignificant compared to, say, ISO 9001. Top ISO …

Read More ...

Lessons learned from ISO 27001 implementation

Many readers of this blog asked me to present a real-life experience of ISO 27001 implementation in a company. Since I would be too subjective if I started writing my own impressions, I decided to interview my clients – Dragomir Perica and Ivancica Ljubic from Dabar informatika d.o.o., a company …

Read More ...

Using ISO 9001 for implementing ISO 27001

You have already implemented ISO 9001? You have heard that ISO 27001 might be a good idea? But how can something that has to do with quality help you implement information security? It can, more than you may think. ISO 9001 specifies how the quality management systems (QMS) must look …

Read More ...
FREE ISO 27001/22301 CONSULTATION
Dejan Kosutic
Lead ISO 27001/22301 Expert, Advisera

GET FREE ADVICE

ISO 27001 & ISO 22301
Free Downloads

 

Upcoming free webinar
ISO 27001 implementation: How to make it easier using ISO 9001
Wednesday - October 25, 2017
Show posts:

OUR CLIENTS

OUR PARTNERS

  • Exemplar Global (formerly RABQSA) is leading international authority in certification of training providers.
  • ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.
  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.
Request callback
Request callback

Or call us directly

International calls
+1 (646) 759 9933