fbpx

Configuration Management in ISO 27001

By |2024-09-24T14:25:30+01:00September 23rd, 2024|Cyber Security, ISO27001 Certification, ISO27001 Implementation|

Configuration Management in ISO 27001 plays a crucial role in maintaining the integrity, availability, and confidentiality of an organisation's IT assets. For organisations implementing ISO 27001, an effective configuration management process is not just beneficial—it's essential. This blog post explores the importance of configuration management within the ISO 27001 framework and provides guidance on its implementation. Understanding Configuration Management in ISO 27001 Configuration management involves identifying, controlling, maintaining, and verifying the versions of all critical assets within an organisation's IT environment. Key Objectives: 1. Ensure that [...]

Read More
 0

ISO 27001 and the CIA Triad: Pillars of Information Security

By |2024-09-08T17:45:57+01:00September 9th, 2024|Information Security, ISO27001 Implementation|

ISO 27001 and the CIA Triad: Pillars of Information Security Information security has become a critical concern for organisations of all sizes and industries. Two fundamental concepts that form the backbone of robust information security practices are ISO 27001 and the CIA triad. YOu can find out more about these concepts and their importance in safeguarding sensitive data. Understanding ISO 27001 ISO 27001 is an internationally recognised standard for information security management systems (ISMS). It provides a framework for organisations to establish, implement, maintain, and continually [...]

Read More
 0

The Role of Continuous Improvement in ISO27001 Compliance

By |2024-09-01T16:21:41+01:00September 2nd, 2024|Information Security, ISO27001 Implementation|

The Role of Continuous Improvement in ISO27001 Compliance Overview Compliance with ISO27001 is not a one-time achievement but a continuous journey. The standard itself emphasises the importance of continuous improvement, advocating for ongoing enhancements to an organisation's Information Security Management System (ISMS). This blog post delves into the role of continuous improvement in maintaining ISO27001 compliance, exploring how you can use Plan-Do-Check-Act (PDCA) cycle, tools and techniques for continuous improvement. How to use the Plan-Do-Check-Act (PDCA) Cycle for ISO27001 The PDCA cycle, also known as the [...]

Read More
 0

Data Classification – How to get it right

By |2024-07-22T13:41:51+01:00July 22nd, 2024|Information Security, ISO27001 Certification, ISO27001 Implementation, policies and procedures, Risk Assessment|

Data Classification: How to get it right Not all business data is created equal. Some information is more valuable—and more sensitive—than others. This is where data classification becomes important. It helps separate the low risk information from the highly sensitive and confidential. What is Data Classification? Data classification is the process of categorising business information based on its level of sensitivity and the impact to the organisation should that data be disclosed, altered, or destroyed without authorisation. It's about understanding what data you have, where it [...]

Read More
 0

ISO27001 – Control 5.11 – Return of Assets

By |2024-06-14T14:34:48+01:00June 16th, 2024|Information Security, ISO 27001 Controls, ISO27001 Certification, ISO27001 Implementation|

ISO27001 - Control 5.11 - Return of Assets Control Personnel and other interested parties as appropriate should return all the organization’s assets in their possession upon change or termination of their employment, contract or agreement. What this means When a member of staff, contractor or supplier reaches the end of their employment or contract period, there should be a process in place to ensure that all the organisations assets are returned. This includes devices such as laptops and mobile phones as well as business paperwork (held [...]

Read More
 0

ISO27001 – Control 5.10 – Acceptable use of information and other associated assets

By |2024-05-31T16:10:27+01:00June 3rd, 2024|Information Security, ISO 27001 Controls, ISO27001 Certification, ISO27001 Implementation|

ISO27001 - Control 5.10 - Acceptable use of information and other associated assets Control Rules for the acceptable use and procedures for handling information and other associated assets should be identified, documented and implemented. What this means This is all about ensuring that information and associated assets are appropriately protected, used and handled. You should have a procedure which documents the rules for acceptable use and the protection of assets. The organisation should identify the staff and external party users using or having access to the [...]

Read More
 0

ISO27001 – Control 5.9 – Inventory of information and other associated assets

By |2024-05-28T12:11:45+01:00May 28th, 2024|Information Security, ISO 27001 Controls, ISO27001 Certification, ISO27001 Implementation|

ISO27001 - Control 5.9 - Inventory of information and other associated assets Control An inventory of information and other associated assets, including owners, should be developed and maintained. What this means Organizations should develop and maintain an inventory of their information assets and other associated resources, including details about who owns each asset. The purpose is to identify all the organization's important information and assets in order to properly secure them and assign clear ownership responsibilities. Ownership should be assigned when assets are created or when [...]

Read More
 0

Do I need special Software to get ISO27001?

By |2024-05-31T14:05:39+01:00May 20th, 2024|Information Security, ISO27001 Implementation|

This is a question we get asked regularly "Is the software that is designed to monitor ISo27001 worth the investment?" If your organisation is ISO 27001 certified, you know how important it is to have a systematic approach for monitoring and managing your information security policies and controls. While there are software solutions specifically designed for this purpose, some organisations opt to use spreadsheets to track their compliance efforts. Let's look at the pros and cons of each approach. Dedicated ISO 27001 Compliance Software The advantages [...]

Read More
 0

ISO27001 – Control 5.8 – Information Security In Project Management

By |2024-05-13T15:03:48+01:00May 13th, 2024|Information Security, ISO 27001 Controls, ISO27001 Certification, ISO27001 Implementation|

ISO27001 - Control 5.8 - Information Security in Project Management Control Information security should be integrated into Project Management. What this means When planning and executing projects, it's essential to integrate information security practices throughout the entire project lifecycle. Information security risks can derail projects and jeopardise deliverables if not addressed proactively. This can be applied to any type of project regardless of its complexity, size, duration, discipline or application area (e.g. a project for a core business process, ICT, facility management or other supporting processes). [...]

Read More
 0

Demystifying ISO 27001: Your Simple Project Guide

By |2024-04-26T18:29:52+01:00April 29th, 2024|ISO27001 Implementation|

Demystifying ISO 27001: Your Simple Project Guide Embarking on the journey towards ISO 27001 certification for your business can seem like a daunting project. However, with the right approach and understanding, achieving this milestone can be a rewarding and transformative experience. Let's delve into how ISO 27001 can be viewed as a project and how you can navigate through it successfully. Project Planning Phase Setting Objectives: Just like any project, defining clear objectives is crucial. Identify why you are pursuing ISO 27001 certification and what outcomes [...]

Read More
 0

© Copyright | All Rights Reserved | Audit & Risk Professionals Llp | Registered in England and Wales, Company Number: OC393687. Registered Address: 2 Masefield Ave, Borehamwood, HERTS, WD6 2HQ | Privacy Policy |

Go to Top