fbpx

ISO27001 – Control 5.15 – Access Control

By |2024-11-24T16:48:08+00:00November 25th, 2024|Information Security, ISO 27001 Controls|

ISO 27001 - Control 5.15 - Access Control Control 5.15 Wording Control 5.15 - Access Control states "Rules to control physical and logical access to information and other associated assets should be established and implemented based on business and information security requirements." What this means Control 5.15 - At its core, access control is about ensuring the right people have access to the right resources at the right time. Think of it as a sophisticated bouncer for your business assets, both digital and physical. It's not [...]

Read More
 0

ISO27001 – Control 5.14 – Information Transfer

By |2024-11-09T16:25:08+00:00November 11th, 2024|Information Security, ISO 27001 Controls|

ISO 27001 - Control 5.14 - Information Transfer Control 5.14 Wording Control 5.14 - information transfer states "Information transfer rules, procedures, or agreements should be in place for all types of transfer facilities within the organization and between the organization and other parties". What this means Control 5.15 - information transfer is aiming to ensure that any information transfer processes are robust and secure and available to all within the organisation. The most obvious means of data transfer is email but there is also the consideration [...]

Read More
 0

ISO27001 – Control 5.13 – Labelling of Information

By |2024-10-17T16:57:49+01:00October 21st, 2024|Information Security, ISO 27001 Controls|

ISO 27001 - Control 5.13 - Labelling of Information Control 5.13 Wording An appropriate set of procedures for information labelling should be developed and implemented in accordance with the information classification scheme adopted by the organization. What this means This is the followup control to 5.12 - Classification. This control is designed to make sure that all business assets are labelled as part of securing information within the organisation. It's all about marking your data so everyone knows how to handle it properly. Let's break down [...]

Read More
 0

Why Change Management is Crucial for ISO27001 Compliance

By |2024-10-17T16:59:57+01:00October 14th, 2024|Information Security, ISO 27001 Controls|

The Silent Revolution: Why Change Management is Crucial for ISO27001 Compliance In the world of information security, we often focus on the big, dramatic changes - major system overhauls, new technology implementations, or responding to high-profile security incidents. But what about the small, almost imperceptible changes that happen every day? As it turns out, these can be just as critical to your ISO27001 compliance. The Constant Nature of Change Change is not just inevitable—it's constant. Lots of the time, we don't even notice it happening. A [...]

Read More
 0

ISO27001 – Control 5.12 – Classification of Information

By |2024-09-08T13:14:30+01:00August 26th, 2024|Information Security, ISO 27001 Controls|

Control 5.12 – Classification of Information Control Information should be classified according to the information security needs of the organization based on confidentiality, integrity, availability and relevant interested party requirements. What this means There needs to be a classification scheme implemented to protect information assets and this classification scheme should be documented and communicated to all staff and other relevant parties such as contractors, data processors etc. When classifying documents the organisation needs to consider the confidentiality, integrity, and availability requirements in the classification scheme. Try [...]

Read More
 0

ISO27001 – Control 5.11 – Return of Assets

By |2024-06-14T14:34:48+01:00June 16th, 2024|Information Security, ISO 27001 Controls, ISO27001 Certification, ISO27001 Implementation|

ISO27001 - Control 5.11 - Return of Assets Control Personnel and other interested parties as appropriate should return all the organization’s assets in their possession upon change or termination of their employment, contract or agreement. What this means When a member of staff, contractor or supplier reaches the end of their employment or contract period, there should be a process in place to ensure that all the organisations assets are returned. This includes devices such as laptops and mobile phones as well as business paperwork (held [...]

Read More
 0

What is Threat Intelligence?

By |2024-06-10T11:22:40+01:00June 10th, 2024|Cyber Security, Information Security, ISO 27001 Controls|

What is Threat Intelligence? Very simply put, threat intelligence is the ways and means of finding out about new cyber threats globally and working out whether they are relevant to your organisation. We all know that cyber attackers are continually growing new ways to threaten businesses and gain an advantage whether that is through access to data or financial information. All organisations should have methods in place to support their threat intelligence framework. This can be something as simple as signing up for newsletters from respected [...]

Read More
 0

ISO27001 – Control 5.10 – Acceptable use of information and other associated assets

By |2024-05-31T16:10:27+01:00June 3rd, 2024|Information Security, ISO 27001 Controls, ISO27001 Certification, ISO27001 Implementation|

ISO27001 - Control 5.10 - Acceptable use of information and other associated assets Control Rules for the acceptable use and procedures for handling information and other associated assets should be identified, documented and implemented. What this means This is all about ensuring that information and associated assets are appropriately protected, used and handled. You should have a procedure which documents the rules for acceptable use and the protection of assets. The organisation should identify the staff and external party users using or having access to the [...]

Read More
 0

ISO27001 – Control 5.9 – Inventory of information and other associated assets

By |2024-05-28T12:11:45+01:00May 28th, 2024|Information Security, ISO 27001 Controls, ISO27001 Certification, ISO27001 Implementation|

ISO27001 - Control 5.9 - Inventory of information and other associated assets Control An inventory of information and other associated assets, including owners, should be developed and maintained. What this means Organizations should develop and maintain an inventory of their information assets and other associated resources, including details about who owns each asset. The purpose is to identify all the organization's important information and assets in order to properly secure them and assign clear ownership responsibilities. Ownership should be assigned when assets are created or when [...]

Read More
 0

ISO27001 – Control 5.8 – Information Security In Project Management

By |2024-05-13T15:03:48+01:00May 13th, 2024|Information Security, ISO 27001 Controls, ISO27001 Certification, ISO27001 Implementation|

ISO27001 - Control 5.8 - Information Security in Project Management Control Information security should be integrated into Project Management. What this means When planning and executing projects, it's essential to integrate information security practices throughout the entire project lifecycle. Information security risks can derail projects and jeopardise deliverables if not addressed proactively. This can be applied to any type of project regardless of its complexity, size, duration, discipline or application area (e.g. a project for a core business process, ICT, facility management or other supporting processes). [...]

Read More
 0

© Copyright | All Rights Reserved | Audit & Risk Professionals Llp | Registered in England and Wales, Company Number: OC393687. Registered Address: 2 Masefield Ave, Borehamwood, HERTS, WD6 2HQ | Privacy Policy |

Go to Top