fbpx

ISO27001 – Control 5.13 – Labelling of Information

By |2024-10-17T16:57:49+01:00October 21st, 2024|Information Security, ISO 27001 Controls|

ISO 27001 - Control 5.13 - Labelling of Information Control 5.13 Wording An appropriate set of procedures for information labelling should be developed and implemented in accordance with the information classification scheme adopted by the organization. What this means This is the followup control to 5.12 - Classification. This control is designed to make sure that all business assets are labelled as part of securing information within the organisation. It's all about marking your data so everyone knows how to handle it properly. Let's break down [...]

Read More
 0

Why Change Management is Crucial for ISO27001 Compliance

By |2024-10-17T16:59:57+01:00October 14th, 2024|Information Security, ISO 27001 Controls|

The Silent Revolution: Why Change Management is Crucial for ISO27001 Compliance In the world of information security, we often focus on the big, dramatic changes - major system overhauls, new technology implementations, or responding to high-profile security incidents. But what about the small, almost imperceptible changes that happen every day? As it turns out, these can be just as critical to your ISO27001 compliance. The Constant Nature of Change Change is not just inevitable—it's constant. Lots of the time, we don't even notice it happening. A [...]

Read More
 0

ISO 27001 and the CIA Triad: Pillars of Information Security

By |2024-09-08T17:45:57+01:00September 9th, 2024|Information Security, ISO27001 Implementation|

ISO 27001 and the CIA Triad: Pillars of Information Security Information security has become a critical concern for organisations of all sizes and industries. Two fundamental concepts that form the backbone of robust information security practices are ISO 27001 and the CIA triad. YOu can find out more about these concepts and their importance in safeguarding sensitive data. Understanding ISO 27001 ISO 27001 is an internationally recognised standard for information security management systems (ISMS). It provides a framework for organisations to establish, implement, maintain, and continually [...]

Read More
 0

The Role of Continuous Improvement in ISO27001 Compliance

By |2024-09-01T16:21:41+01:00September 2nd, 2024|Information Security, ISO27001 Implementation|

The Role of Continuous Improvement in ISO27001 Compliance Overview Compliance with ISO27001 is not a one-time achievement but a continuous journey. The standard itself emphasises the importance of continuous improvement, advocating for ongoing enhancements to an organisation's Information Security Management System (ISMS). This blog post delves into the role of continuous improvement in maintaining ISO27001 compliance, exploring how you can use Plan-Do-Check-Act (PDCA) cycle, tools and techniques for continuous improvement. How to use the Plan-Do-Check-Act (PDCA) Cycle for ISO27001 The PDCA cycle, also known as the [...]

Read More
 0

ISO27001 – Control 5.12 – Classification of Information

By |2024-09-08T13:14:30+01:00August 26th, 2024|Information Security, ISO 27001 Controls|

Control 5.12 – Classification of Information Control Information should be classified according to the information security needs of the organization based on confidentiality, integrity, availability and relevant interested party requirements. What this means There needs to be a classification scheme implemented to protect information assets and this classification scheme should be documented and communicated to all staff and other relevant parties such as contractors, data processors etc. When classifying documents the organisation needs to consider the confidentiality, integrity, and availability requirements in the classification scheme. Try [...]

Read More
 0

Bringing New Blood into InfoSec: Why Mentoring Matters

By |2024-08-26T09:10:07+01:00August 19th, 2024|Information Security|

Bringing New Blood into InfoSec: Why Mentoring Matters Let's face it - the information security landscape is evolving faster than ever. With new threats emerging daily, the demand for assurance from clients that their data is secure and the innovative thinking needed to stay ahead of the curve. But how do we nurture the next generation of InfoSec professionals? The answer might be simpler than you think: good old-fashioned mentoring. Now, I know what you're thinking. "Mentoring? Isn't that just extra work for my already overloaded [...]

Read More
 0

Risk Assessment – What scale should I use?

By |2024-08-26T09:11:17+01:00August 5th, 2024|Information Security, Risk Assessment|

Risk Assessment - What Scale should I use? When undertaking a risk assessment process, one of the key things you need to decide upon is the scale you are going to use. I have seen some very complicated risk assessment scales, ones with multiplication of values, a scale of 1 to 10, different areas for reporting risk. It doesn't have to be complicated. Actually the simpler the scale, the easier it is to evaluate risk. Keep it simple Unless your business is complex, multi-million pound and [...]

Read More
 0

Data Classification – How to get it right

By |2024-07-22T13:41:51+01:00July 22nd, 2024|Information Security, ISO27001 Certification, ISO27001 Implementation, policies and procedures, Risk Assessment|

Data Classification: How to get it right Not all business data is created equal. Some information is more valuable—and more sensitive—than others. This is where data classification becomes important. It helps separate the low risk information from the highly sensitive and confidential. What is Data Classification? Data classification is the process of categorising business information based on its level of sensitivity and the impact to the organisation should that data be disclosed, altered, or destroyed without authorisation. It's about understanding what data you have, where it [...]

Read More
 0

Information Security Roles and Responsibilities in ISO 27001

By |2024-07-14T12:47:50+01:00July 15th, 2024|BUSINESS, Information Security, ISO27001 Certification|

Information Security Roles and Responsibilities in ISO 27001 ISO 27001 is the international standard for information security management systems (ISMS). A key aspect of implementing ISO 27001 is clearly defining roles and responsibilities related to information security and the management system. This ensures that all aspects of the ISMS are properly managed and that there's accountability throughout the organisation. There are some common roles which should be considered in every organisation considering obtaining ISO27001 Certification and they are: 1. Top Management - This could be Board [...]

Read More
 0

How do I know my organisation is ready for ISO 27001 certification?

By |2024-08-26T09:14:58+01:00July 8th, 2024|Information Security, ISO27001 Certification|

How to Assess If Your Organisation Is Ready for ISO27001 Certification The importance of information security can't be overstated, especially for organisations handling sensitive client data. Achieving ISO27001 certification not only ensures robust information security practices but also builds trust and confidence in your clients. But how do you know if your organisation is ready to pursue this certification? The Problem: Determining ISO27001 Readiness Many organisations struggle with the first step towards ISO27001 certification: assessing their current readiness and how the current practices align with the [...]

Read More
 0

© Copyright | All Rights Reserved | Audit & Risk Professionals Llp | Registered in England and Wales, Company Number: OC393687. Registered Address: 2 Masefield Ave, Borehamwood, HERTS, WD6 2HQ | Privacy Policy |

Go to Top