fbpx

About admin

This author has not yet filled in any details.
So far admin has created 41 blog entries.

What is the purpose of Internal Audit for ISO27001 Certification?

By |2023-12-07T17:09:27+00:00December 7th, 2023|Internal Audit, ISO27001 Certification, ISO27001 Implementation|

What is the purpose of Internal Audit for ISO27001 Certification? The Key Role of Internal Audits in ISO 27001 Compliance Obtaining ISO 27001 certification provides numerous benefits for organisations, demonstrating that your organisations is serious about information security. To achieve certification, an extensive information security management system (ISMS) needs to be implemented and rigorously maintained. A crucial component for maintaining an effective ISMS as required by ISO 27001 is conducting regular comprehensive internal audits. Internal audits examine all aspects of your security controls, policies, and procedures [...]

Read More
 0

ISO 27001 – Risk Assessment Requirements

By |2023-11-23T12:18:47+00:00November 23rd, 2023|Risk Assessment|

ISO27001 - Risk Assessment Requirements Managing Risk: A Core Element of ISO 27001 Certification For organisations seeking ISO 27001 certification, implementing a comprehensive risk management program is essential for obtaining the certification. ISO 27001 requires a formal risk assessment policy and procedure to be in place. This can be a bit intimidating when you haven't done any formal risk management practices before. But remember that you are managing risk as a business owner or department head all the time. You may not see it that way [...]

Read More
 0

Is Getting ISO 27001 Certification Difficult?

By |2024-02-23T09:57:10+00:00November 19th, 2023|ISO27001 Certification, ISO27001 Implementation|

Is Getting ISO 27001 Certification Difficult? Introduction: ISO 27001 is the most widely recognised standard for information security management systems (ISMS). It provides a framework for organisations to manage their information security risks. Many companies now seek ISO 27001 certification to demonstrate their commitment to security. But is getting certified difficult? Let's explore some of the main concerns. The Implementation Process Implementing the controls and processes required by ISO 27001 can seem daunting initially. It requires defining a formal information security policy, classifying assets and recording [...]

Read More
 0

Is ISO27001 better than ISO9001?

By |2024-02-23T10:00:27+00:00November 15th, 2023|ISO27001 Certification, ISO27001 Implementation, ISO9001|

Is ISO27001 better than ISO9001? ISO 27001 and ISO 9001 are two of the most widely used ISO management standards globally. But what exactly do they focus on and how do they differ? Here we will explain the unique objectives and scopes of ISO 27001 and ISO 9001 to help you understand which standard is most relevant for your organisation. ISO 27001 - Information Security Management ISO 27001 is specifically focused on information security. It has requirements for establishing, implementing, maintaining and continually improving an Information [...]

Read More
 0

Who needs to be ISO27001 certified?

By |2024-02-23T13:03:20+00:00November 12th, 2023|ISO27001 Certification, ISO27001 Implementation|

ISO 27001 is an internationally recognised standard for information security management systems (ISMS). It provides a framework for organisations to manage their information security risks and protect sensitive data. Many companies are now seeking ISO 27001 certification to demonstrate their commitment to security and gain a competitive edge. Companies which are handling lots of personal information or confidential business information on behalf of their clients can demonstrate good security practices by obtaining ISO 27001 certification. This would include companies such as those working in market research, [...]

Read More
 0

What is ISO27001 in the UK?

By |2024-02-23T13:12:18+00:00November 9th, 2023|ISO27001 Implementation|

What is ISO27001 in the UK? ISO27001 is the international standard (ISO) for Information Security Management Systems (ISMS). ISO 27001 has become one of the most widely adopted international standards for managing information security. It outlines the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS). An Information Security Management System does what is says on the tin. It is designed to protect business information and ensure the Confidentiality, Integrity and Availability of business information. Confidentiality, Integrity and Availability are the [...]

Read More
 0

Why are internal Audits important for ISO27001 Certification?

By |2024-02-23T13:07:02+00:00June 12th, 2023|Internal Audit, ISO27001 Certification, ISO27001 Implementation|

Why are internal Audits important for ISO27001 Certification? Internal audits are important for evaluating an organisation's compliance with ISO 27001 requirements and ensuring that the established security controls are effectively implemented. The internal audits happen throughout the year between surveillance audits with the external certification body. The aim on the internal audits is to ensure that your information security management system continues to work effectively and in line with the ISO27001 Standard. It’s a good idea to have the internal audits spread throughout the year as [...]

Read More
 0

ISO27001 Internal Audits – the basics

By |2023-01-07T11:56:08+00:00January 7th, 2023|Internal Audit|

We have been doing some internal audits as part of the ISO27001 certification for our clients. We are undertaking the audits on behalf of clients. Clients frequently do not have the skills, knowledge or time to do the internal audits in-house. It also means that they are getting an experienced internal auditor who understands what's required by the standard. Each internal audit has the potential to pick up areas of nonconformity and areas for improvement. Internal audits are a requirement of the ISO27001 standard and you [...]

Read More
 0

Let’s talk policies and procedures

By |2024-02-23T13:10:31+00:00May 7th, 2022|ISO27001 Implementation, policies and procedures|

Let’s talk policies and procedures I often get asked why organisations should bother with policies and procedures. My response is that it creates a uniform structure by which the organisation works, saving time and resources. For larger organisations it shows a fairness in the way it operates as everyone has the same procedure to follow. What usually goes wrong is that the person writing the policy struggles to be able to put into words what needs to happen. Believe me, we have seen some policies which [...]

Read More
 0

ISO27001 Implementation – Daunting isn’t it?

By |2024-02-23T13:11:27+00:00March 7th, 2022|ISO27001 Implementation|

One of the first questions we get asked is "What does ISO27001 require us to do as an organisation in order to get certification?". We have had a number of clients who have been told they need to get ISO27001 certified so that a particular client will continue to work with them. When you first start looking at ISO27001, there are a number of elements to it, all of which appear to need completing at the same time. There is also specific terminology used as part [...]

Read More
 0

© Copyright | All Rights Reserved | Audit & Risk Professionals Llp | Registered in England and Wales, Company Number: OC393687. Registered Address: 2 Masefield Ave, Borehamwood, HERTS, WD6 2HQ | Privacy Policy |

Go to Top