About admin

So far admin has created 54 blog entries.

How to choose the right ISO 27001 Implementation Partner

June 3rd, 2025 | ISO27001 Certification

ISO 27001 Implementation Services: What to Look for. How to choose the right ISO 27001 implementation partner and avoid costly mistakes that delay certification. The Reality: It's More Complex Than It First Appears. When we're working with businesses considering ISO 27001 certification, one conversation particularly stands out. A company director told us: "When we first started looking at ISO 27001, we genuinely had no idea what we were signing up for. Six months seemed like plenty of time, the process looked straightforward on paper, and we [...]

What happens at an ISO 27001 Certification Audit?

May 26th, 2025 | ISO27001 Certification

Understanding the ISO 27001 Certification Audit Process. It's one of the most common questions we get asked as organisations pursue ISO 27001: what happens at the certification audit? Firstly, the certification audit is undertaken in two parts, a Stage 1 audit and a Stage 2 audit, both undertaken by a certification body. The audits have two distinct roles. Stage 1: Documentation Review. The first stage is primarily a desk-based assessment where auditors examine your Information Security Management System (ISMS) documentation to see if you are ready [...]

ISO27001 – Control 5.16 – Identity Management

May 5th, 2025 | Information Security, ISO 27001 Controls

ISO 27001 - Control 5.16 - Identity Management. Control 5.16 Wording: Control 5.16 - Identity Management states "The full life cycle of identities should be managed." What this means: Control 5.16 focuses on managing digital identities throughout their complete lifecycle - from creation to deletion. Think of it as a comprehensive system for tracking and controlling every digital identity in your organisation, ensuring that the right people and systems have the right identities and access. It's not just about creating usernames; it's about maintaining a [...]

ISO27001 – Control 5.15 – Access Control

November 25th, 2024 | Information Security, ISO 27001 Controls

ISO 27001 - Control 5.15 - Access Control. Control 5.15 Wording: Control 5.15 - Access Control states "Rules to control physical and logical access to information and other associated assets should be established and implemented based on business and information security requirements." What this means: Control 5.15 - At its core, access control is about ensuring the right people have access to the right resources at the right time. Think of it as a sophisticated bouncer for your business assets, both digital and physical. It's not [...]

We’ve got ISO27001 Certification, Now what?

November 18th, 2024 | BUSINESS, ISO27001 Certification

We've Got ISO 27001 - Now What? You've done it. The audits are complete, the certificate is on the wall and the website, and everyone's breathing a collective sigh of relief that all the work has finally paid off. But if you think getting ISO 27001 certified was the hard part and it's all downhill from here, think again. ISO 27001 maintenance isn't just about keeping your certificate on the wall. It's about turning those hard-won security practices into business value. While getting certified is a [...]

ISO27001 – Control 5.14 – Information Transfer

November 11th, 2024 | Information Security, ISO 27001 Controls

ISO 27001 - Control 5.14 - Information Transfer. Control 5.14 Wording: Control 5.14 - information transfer states "Information transfer rules, procedures, or agreements should be in place for all types of transfer facilities within the organization and between the organization and other parties". What this means: Control 5.15 - information transfer is aiming to ensure that any information transfer processes are robust and secure and available to all within the organisation. The most obvious means of data transfer is email, but there is also the consideration [...]

5 Information Security Mistakes That Could Cost You Your Business

November 4th, 2024 | Cyber Security, Information Security

5 Information Security Mistakes That Could Cost You Your Business. Information security mistakes can devastate UK businesses of any size. In today's digital landscape, these information security mistakes aren't just IT concerns - they're fundamental business risks that UK organisations cannot afford to ignore. With data breaches costing companies an average of £3.7 million according to IBM's 2024 Cost of a Data Breach Report, even seemingly minor security oversights can have devastating consequences. 1. Assuming Compliance Equals Security: Many UK businesses make the critical error of [...]

UK Procurement Trends: Why Your Company’s Security Posture Matters More Than Ever

October 28th, 2024 | Information Security

UK Procurement Trends: Why Your Company's Security Posture Matters More Than Ever. In today's business landscape, UK companies are experiencing a significant shift in how clients evaluate and select their suppliers. A clear trend has emerged: a good security posture has moved from a "nice-to-have" to a critical deciding factor in procurement decisions. Potential clients are reviewing suppliers' security requirements to ensure that they have secure practices in place as part of the procurement process. For managers focused on growth and efficiency, understanding this shift could [...]

ISO27001 – Control 5.13 – Labelling of Information

October 21st, 2024 | Information Security, ISO 27001 Controls

ISO 27001 - Control 5.13 - Labelling of Information. Control 5.13 Wording: An appropriate set of procedures for information labelling should be developed and implemented in accordance with the information classification scheme adopted by the organization. What this means: This is the follow-up control to 5.12 - Classification. This control is designed to make sure that all business assets are labelled as part of securing information within the organisation. It's all about marking your data so everyone knows how to handle it properly. Let's break down [...]

Why Change Management is Crucial for ISO27001 Compliance

October 14th, 2024 | Information Security, ISO 27001 Controls

The Silent Revolution: Why Change Management is Crucial for ISO27001 Compliance. In the world of information security, we often focus on the big, dramatic changes - major system overhauls, new technology implementations, or responding to high-profile security incidents. But what about the small, almost imperceptible changes that happen every day? As it turns out, these can be just as critical to your ISO27001 compliance. The Constant Nature of Change: Change is not just inevitable—it's constant. Lots of the time, we don't even notice it happening. A [...]
