Why Change Management is Crucial for ISO27001 Compliance

By |2024-10-17T16:59:57+01:00October 14th, 2024|Information Security, ISO 27001 Controls|

The Silent Revolution: Why Change Management is Crucial for ISO27001 Compliance

In the world of information security, we often focus on the big, dramatic changes - major system overhauls, new technology implementations, or responding to high-profile security incidents. But what about the small, almost imperceptible changes that happen every day? As it turns out, these can be just as critical to your ISO27001 compliance.

The Constant Nature of Change

Change is not just inevitable—it's constant. Lots of the time, we don't even notice it happening. A [...]

ISO 27001 and Climate Change: Understanding the Connection

By |2024-09-29T17:06:40+01:00September 30th, 2024|ISO27001 Certification|

ISO 27001 and Climate Change: Understanding the Connection

As part of the updating that took place to ISO27001, two sentences were added to clause 4. These sentences are "The organization shall determine whether climate change is a relevant issue" and "Relevant interested parties can have requirements related to climate change". Organisations are increasingly recognising the importance of addressing climate change as part of their overall risk management strategy, and the inclusion in the standard reflects the growing understanding of the impact that environmental factors can have on an organisation's [...]

Configuration Management in ISO 27001

By |2024-09-24T14:25:30+01:00September 23rd, 2024|Cyber Security, ISO27001 Certification, ISO27001 Implementation|

Configuration Management in ISO 27001 plays a crucial role in maintaining the integrity, availability, and confidentiality of an organisation's IT assets. For organisations implementing ISO 27001, an effective configuration management process is not just beneficial—it's essential. This blog post explores the importance of configuration management within the ISO 27001 framework and provides guidance on its implementation.

Understanding Configuration Management in ISO 27001

Configuration management involves identifying, controlling, maintaining, and verifying the versions of all critical assets within an organisation's IT environment.

Key Objectives: 1. Ensure that [...]

Data Classification – How to get it right

By |2024-07-22T13:41:51+01:00July 22nd, 2024|Information Security, ISO27001 Certification, ISO27001 Implementation, policies and procedures, Risk Assessment|

Data Classification: How to get it right

Not all business data is created equal. Some information is more valuable—and more sensitive—than others. This is where data classification becomes important. It helps separate the low risk information from the highly sensitive and confidential.

What is Data Classification?

Data classification is the process of categorising business information based on its level of sensitivity and the impact to the organisation should that data be disclosed, altered, or destroyed without authorisation. It's about understanding what data you have, where it [...]

Information Security Roles and Responsibilities in ISO 27001

By |2024-07-14T12:47:50+01:00July 15th, 2024|BUSINESS, Information Security, ISO27001 Certification|

Information Security Roles and Responsibilities in ISO 27001

ISO 27001 is the international standard for information security management systems (ISMS). A key aspect of implementing ISO 27001 is clearly defining roles and responsibilities related to information security and the management system. This ensures that all aspects of the ISMS are properly managed and that there's accountability throughout the organisation. There are some common roles which should be considered in every organisation considering obtaining ISO27001 Certification, and they are: 1. Top Management - This could be Board [...]

Do I need special Software to get ISO27001?

By |2024-05-31T14:05:39+01:00May 20th, 2024|Information Security, ISO27001 Implementation|

This is a question we get asked regularly: "Is the software that is designed to monitor ISO27001 worth the investment?" If your organisation is ISO 27001 certified, you know how important it is to have a systematic approach for monitoring and managing your information security policies and controls. While there are software solutions specifically designed for this purpose, some organisations opt to use spreadsheets to track their compliance efforts. Let's look at the pros and cons of each approach.

Dedicated ISO 27001 Compliance Software

The advantages [...]

What is the purpose of Internal Audit for ISO27001 Certification?

By |2023-12-07T17:09:27+00:00December 7th, 2023|Internal Audit, ISO27001 Certification, ISO27001 Implementation|

What is the purpose of Internal Audit for ISO27001 Certification?

The Key Role of Internal Audits in ISO 27001 Compliance

Obtaining ISO 27001 certification provides numerous benefits for organisations, demonstrating that your organisation is serious about information security. To achieve certification, an extensive information security management system (ISMS) needs to be implemented and rigorously maintained. A crucial component for maintaining an effective ISMS as required by ISO 27001 is conducting regular, comprehensive internal audits. Internal audits examine all aspects of your security controls, policies, and procedures [...]

Is Getting ISO 27001 Certification Difficult?

By |2024-02-23T09:57:10+00:00November 19th, 2023|ISO27001 Certification, ISO27001 Implementation|

Is Getting ISO 27001 Certification Difficult?

Introduction: ISO 27001 is the most widely recognised standard for information security management systems (ISMS). It provides a framework for organisations to manage their information security risks. Many companies now seek ISO 27001 certification to demonstrate their commitment to security. But is getting certified difficult? Let's explore some of the main concerns.

The Implementation Process

Implementing the controls and processes required by ISO 27001 can seem daunting initially. It requires defining a formal information security policy, classifying assets and recording [...]

Is ISO27001 better than ISO9001?

By |2024-02-23T10:00:27+00:00November 15th, 2023|ISO27001 Certification, ISO27001 Implementation, ISO9001|

Is ISO27001 better than ISO9001?

ISO 27001 and ISO 9001 are two of the most widely used ISO management standards globally. But what exactly do they focus on and how do they differ? Here we will explain the unique objectives and scopes of ISO 27001 and ISO 9001 to help you understand which standard is most relevant for your organisation.

ISO 27001 - Information Security Management

ISO 27001 is specifically focused on information security. It has requirements for establishing, implementing, maintaining and continually improving an Information [...]

What is ISO27001 in the UK?

By |2024-02-23T13:12:18+00:00November 9th, 2023|ISO27001 Implementation|

What is ISO27001 in the UK?

ISO27001 is the international standard (ISO) for Information Security Management Systems (ISMS). ISO 27001 has become one of the most widely adopted international standards for managing information security. It outlines the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS). An Information Security Management System does what it says on the tin. It is designed to protect business information and ensure the Confidentiality, Integrity and Availability of business information. Confidentiality, Integrity and Availability are the [...]