ISO 27001 Risk Assessment: How to Map Business Risks to Annex A Controls

June 30th, 2025 | ISO27001 Certification, ISO27001 Implementation, Risk Assessment

In a previous blog post, I explored whether organisations should choose scenario-based or asset-based risk management techniques when implementing ISO 27001. Today, I want to build on that discussion by examining a critical aspect that many organisations overlook: ensuring your risk register properly addresses the broader organisational risks that underpin the controls in Annex A. This isn't just about compliance box-ticking. When done correctly, your risk mapping demonstrates that you've genuinely considered the [...]

What happens at an ISO 27001 Certification Audit?

May 26th, 2025 | ISO27001 Certification

Understanding the ISO 27001 Certification Audit Process

It's one of the most common questions we get asked as organisations pursue ISO 27001: what happens at the certification audit? Firstly, the certification audit is undertaken in two parts, a Stage 1 audit and a Stage 2 audit, both undertaken by a certification body. The audits have two distinct roles.

Stage 1: Documentation Review

The first stage is primarily a desk-based assessment where auditors examine your Information Security Management System (ISMS) documentation to see if you are ready [...]

Practical Climate Change Considerations for ISO 27001

October 7th, 2024 | ISO27001 Certification

Practical Climate Actions in ISO 27001: Small Steps, Big Impact

ISO 27001 requires organisations to consider the impact of climate change as part of their certification. Although the sentence in the standard states "The organization shall determine whether climate change is a relevant issue", we all know that deciding climate change is not an issue for your organisation may not work in accordance with the standard. It can therefore be a challenge to identify practical, implementable steps to consider as part of the climate change requirements. [...]
