
The Role of Continuous Improvement in ISO27001 Compliance

By |2024-09-01T16:21:41+01:00September 2nd, 2024|Information Security, ISO27001 Implementation|

The Role of Continuous Improvement in ISO27001 Compliance Overview Compliance with ISO27001 is not a one-time achievement but a continuous journey. The standard itself emphasises the importance of continuous improvement, advocating for ongoing enhancements to an organisation's Information Security Management System (ISMS). This blog post delves into the role of continuous improvement in maintaining ISO27001 compliance, exploring how you can use the Plan-Do-Check-Act (PDCA) cycle, and which tools and techniques support continuous improvement. How to use the Plan-Do-Check-Act (PDCA) Cycle for ISO27001 The PDCA cycle, also known as the [...]

ISO27001 – Control 5.12 – Classification of Information

By |2024-09-08T13:14:30+01:00August 26th, 2024|Information Security, ISO 27001 Controls|

Control 5.12 – Classification of Information Control Information should be classified according to the information security needs of the organization based on confidentiality, integrity, availability and relevant interested party requirements. What this means There needs to be a classification scheme implemented to protect information assets and this classification scheme should be documented and communicated to all staff and other relevant parties such as contractors, data processors etc. When classifying documents the organisation needs to consider the confidentiality, integrity, and availability requirements in the classification scheme. Try [...]

Scenario vs. Asset-Based Risk Assessments: Understanding the Key Differences

By |2024-08-26T09:14:20+01:00August 12th, 2024|Risk Assessment|

Scenario vs. Asset-Based Risk Assessments: Understanding the Key Differences Risk assessment is a crucial process for organisations to identify, analyse, and mitigate potential threats. Two common approaches to risk assessment are scenario-based and asset-based methods. Each has its strengths and is suited to different contexts. Scenario-Based Risk Assessment Scenario-based risk assessment focuses on identifying potential events or situations that could negatively impact an organisation. It is the one I would recommend for those organisations just starting out looking at the risks faced by their organisation as [...]

Data Classification – How to get it right

By |2024-07-22T13:41:51+01:00July 22nd, 2024|Information Security, ISO27001 Certification, ISO27001 Implementation, policies and procedures, Risk Assessment|

Data Classification: How to get it right Not all business data is created equal. Some information is more valuable—and more sensitive—than others. This is where data classification becomes important. It helps separate the low risk information from the highly sensitive and confidential. What is Data Classification? Data classification is the process of categorising business information based on its level of sensitivity and the impact to the organisation should that data be disclosed, altered, or destroyed without authorisation. It's about understanding what data you have, where it [...]

Information Security Roles and Responsibilities in ISO 27001

By |2024-07-14T12:47:50+01:00July 15th, 2024|BUSINESS, Information Security, ISO27001 Certification|

Information Security Roles and Responsibilities in ISO 27001 ISO 27001 is the international standard for information security management systems (ISMS). A key aspect of implementing ISO 27001 is clearly defining roles and responsibilities related to information security and the management system. This ensures that all aspects of the ISMS are properly managed and that there's accountability throughout the organisation. There are some common roles which should be considered in every organisation working towards ISO27001 Certification, and they are: 1. Top Management - This could be Board [...]

How do I know my organisation is ready for ISO 27001 certification?

By |2024-08-26T09:14:58+01:00July 8th, 2024|Information Security, ISO27001 Certification|

How to Assess If Your Organisation Is Ready for ISO27001 Certification The importance of information security can't be overstated, especially for organisations handling sensitive client data. Achieving ISO27001 certification not only ensures robust information security practices but also builds trust and confidence in your clients. But how do you know if your organisation is ready to pursue this certification? The Problem: Determining ISO27001 Readiness Many organisations struggle with the first step towards ISO27001 certification: assessing their current readiness and how the current practices align with the [...]

What is Threat Intelligence?

By |2024-06-10T11:22:40+01:00June 10th, 2024|Cyber Security, Information Security, ISO 27001 Controls|

What is Threat Intelligence? Very simply put, threat intelligence is the ways and means of finding out about new cyber threats globally and working out whether they are relevant to your organisation. We all know that cyber attackers are continually developing new ways to threaten businesses and gain an advantage, whether that is through access to data or financial information. All organisations should have methods in place to support their threat intelligence framework. This can be something as simple as signing up for newsletters from respected [...]

Do I need special Software to get ISO27001?

By |2024-05-31T14:05:39+01:00May 20th, 2024|Information Security, ISO27001 Implementation|

This is a question we get asked regularly: "Is the software that is designed to monitor ISO27001 worth the investment?" If your organisation is ISO 27001 certified, you know how important it is to have a systematic approach for monitoring and managing your information security policies and controls. While there are software solutions specifically designed for this purpose, some organisations opt to use spreadsheets to track their compliance efforts. Let's look at the pros and cons of each approach. Dedicated ISO 27001 Compliance Software The advantages [...]

How to create an effective Policy

By |2024-05-06T11:37:26+01:00May 6th, 2024|Information Security, policies and procedures|

Creating Effective Policy and Procedure Documents Having well-written and easy-to-follow policies is crucial for ensuring consistency and compliance within an organisation. However, knowing what the format should look like can be a challenge, and getting it wrong means lots of changes. We've written hundreds of policies for clients, and so I am going to share our format for creating easy to understand and follow policies. Here's the structure we use for creating effective policy documents: Front Cover I know a lot of people think that having [...]

Demystifying ISO 27001: Your Simple Project Guide

By |2024-04-26T18:29:52+01:00April 29th, 2024|ISO27001 Implementation|

Demystifying ISO 27001: Your Simple Project Guide Embarking on the journey towards ISO 27001 certification for your business can seem like a daunting project. However, with the right approach and understanding, achieving this milestone can be a rewarding and transformative experience. Let's delve into how ISO 27001 can be viewed as a project and how you can navigate through it successfully. Project Planning Phase Setting Objectives: Just like any project, defining clear objectives is crucial. Identify why you are pursuing ISO 27001 certification and what outcomes [...]
