fbpx

We’ve got ISO27001 Certification, Now what?

By |2024-11-17T18:07:25+00:00November 18th, 2024|BUSINESS, ISO27001 Certification|

We've Got ISO 27001 - Now What? You've done it. The audits are complete, the certificate is on the wall and the website, and everyone's breathing a collective sigh of relief that all the work has finally paid off. But if you think getting ISO 27001 certified was the hard part and it's all downhill from here, think again. ISO 27001 maintenance isn't just about keeping your certificate on the wall. It's about turning those hard-won security practices into business value. While getting certified is a [...]

Practical Climate Change Considerations for ISO 27001

By |2024-10-11T14:20:05+01:00October 7th, 2024|ISO27001 Certification|

Practical Climate Actions in ISO 27001: Small Steps, Big Impact ISO 27001 requires organisations to consider the impact of climate change as part of their certification. Although the sentence in the standard states "The organization shall determine whether climate change is a relevant issue", we all know that deciding climate change is not an issue for your organisation may not work in accordance with the standard. It can therefore be a challenge to identify practical, implementable steps to consider as part of the Climate Change requirements. [...]

ISO 27001 and Climate Change: Understanding the Connection

By |2024-09-29T17:06:40+01:00September 30th, 2024|ISO27001 Certification|

ISO 27001 and Climate Change: Understanding the Connection As part of the updating that took place to ISO27001, two sentence were added to clause 4. These sentences are "The organization shall determine whether climate change is a relevant issue" and "Relevant interested parties can have requirements related to climate change". Organisations are increasingly recognising the importance of addressing climate change as part of their overall risk management strategy and the inclusion in the standard reflects the growing understanding that environmental factors can have on an organisation's [...]

Configuration Management in ISO 27001

By |2024-09-24T14:25:30+01:00September 23rd, 2024|Cyber Security, ISO27001 Certification, ISO27001 Implementation|

Configuration Management in ISO 27001 plays a crucial role in maintaining the integrity, availability, and confidentiality of an organisation's IT assets. For organisations implementing ISO 27001, an effective configuration management process is not just beneficial—it's essential. This blog post explores the importance of configuration management within the ISO 27001 framework and provides guidance on its implementation. Understanding Configuration Management in ISO 27001 Configuration management involves identifying, controlling, maintaining, and verifying the versions of all critical assets within an organisation's IT environment. Key Objectives: 1. Ensure that [...]

ISO 27001 Surveillance Audits: What They Are and How to Prepare

By |2024-09-13T16:02:33+01:00September 16th, 2024|ISO27001 Certification|

ISO 27001 Surveillance Audits: What They Are and How to Prepare ISO 27001 is an international standard for information security management systems (ISMS). Once an organisation achieves ISO 27001 certification, it must undergo regular surveillance audits to maintain its certified status. This blog post will explain what surveillance audits are, why they occur, and how to prepare for them effectively. What are ISO 27001 Surveillance Audits? Surveillance audits are periodic checks, usually annually, conducted by a certification body to ensure that an organisation continues to comply [...]

Data Classification – How to get it right

By |2024-07-22T13:41:51+01:00July 22nd, 2024|Information Security, ISO27001 Certification, ISO27001 Implementation, policies and procedures, Risk Assessment|

Data Classification: How to get it right Not all business data is created equal. Some information is more valuable—and more sensitive—than others. This is where data classification becomes important. It helps separate the low risk information from the highly sensitive and confidential. What is Data Classification? Data classification is the process of categorising business information based on its level of sensitivity and the impact to the organisation should that data be disclosed, altered, or destroyed without authorisation. It's about understanding what data you have, where it [...]

Information Security Roles and Responsibilities in ISO 27001

By |2024-07-14T12:47:50+01:00July 15th, 2024|BUSINESS, Information Security, ISO27001 Certification|

Information Security Roles and Responsibilities in ISO 27001 ISO 27001 is the international standard for information security management systems (ISMS). A key aspect of implementing ISO 27001 is clearly defining roles and responsibilities related to information security and the management system. This ensures that all aspects of the ISMS are properly managed and that there's accountability throughout the organisation. There are some common roles which should be considered in every organisation considering obtaining ISO27001 Certification and they are: 1. Top Management - This could be Board [...]

How do I know my organisation is ready for ISO 27001 certification?

By |2024-08-26T09:14:58+01:00July 8th, 2024|Information Security, ISO27001 Certification|

How to Assess If Your Organisation Is Ready for ISO27001 Certification The importance of information security can't be overstated, especially for organisations handling sensitive client data. Achieving ISO27001 certification not only ensures robust information security practices but also builds trust and confidence in your clients. But how do you know if your organisation is ready to pursue this certification? The Problem: Determining ISO27001 Readiness Many organisations struggle with the first step towards ISO27001 certification: assessing their current readiness and how the current practices align with the [...]

ISO27001 – Control 5.11 – Return of Assets

By |2024-06-14T14:34:48+01:00June 16th, 2024|Information Security, ISO 27001 Controls, ISO27001 Certification, ISO27001 Implementation|

ISO27001 - Control 5.11 - Return of Assets Control Personnel and other interested parties as appropriate should return all the organization’s assets in their possession upon change or termination of their employment, contract or agreement. What this means When a member of staff, contractor or supplier reaches the end of their employment or contract period, there should be a process in place to ensure that all the organisations assets are returned. This includes devices such as laptops and mobile phones as well as business paperwork (held [...]

ISO27001 – Control 5.10 – Acceptable use of information and other associated assets

By |2024-05-31T16:10:27+01:00June 3rd, 2024|Information Security, ISO 27001 Controls, ISO27001 Certification, ISO27001 Implementation|

ISO27001 - Control 5.10 - Acceptable use of information and other associated assets Control Rules for the acceptable use and procedures for handling information and other associated assets should be identified, documented and implemented. What this means This is all about ensuring that information and associated assets are appropriately protected, used and handled. You should have a procedure which documents the rules for acceptable use and the protection of assets. The organisation should identify the staff and external party users using or having access to the [...]

Go to Top