fbpx

ISO 27001 and Climate Change: Understanding the Connection

By |2024-09-29T17:06:40+01:00September 30th, 2024|ISO27001 Certification|

ISO 27001 and Climate Change: Understanding the Connection As part of the updating that took place to ISO27001, two sentence were added to clause 4. These sentences are "The organization shall determine whether climate change is a relevant issue" and "Relevant interested parties can have requirements related to climate change". Organisations are increasingly recognising the importance of addressing climate change as part of their overall risk management strategy and the inclusion in the standard reflects the growing understanding that environmental factors can have on an organisation's [...]

Bringing New Blood into InfoSec: Why Mentoring Matters

By |2024-08-26T09:10:07+01:00August 19th, 2024|Information Security|

Bringing New Blood into InfoSec: Why Mentoring Matters Let's face it - the information security landscape is evolving faster than ever. With new threats emerging daily, the demand for assurance from clients that their data is secure and the innovative thinking needed to stay ahead of the curve. But how do we nurture the next generation of InfoSec professionals? The answer might be simpler than you think: good old-fashioned mentoring. Now, I know what you're thinking. "Mentoring? Isn't that just extra work for my already overloaded [...]

Risk Assessment – What scale should I use?

By |2024-08-26T09:11:17+01:00August 5th, 2024|Information Security, Risk Assessment|

Risk Assessment - What Scale should I use? When undertaking a risk assessment process, one of the key things you need to decide upon is the scale you are going to use. I have seen some very complicated risk assessment scales, ones with multiplication of values, a scale of 1 to 10, different areas for reporting risk. It doesn't have to be complicated. Actually the simpler the scale, the easier it is to evaluate risk. Keep it simple Unless your business is complex, multi-million pound and [...]

Data Classification – How to get it right

By |2024-07-22T13:41:51+01:00July 22nd, 2024|Information Security, ISO27001 Certification, ISO27001 Implementation, policies and procedures, Risk Assessment|

Data Classification: How to get it right Not all business data is created equal. Some information is more valuable—and more sensitive—than others. This is where data classification becomes important. It helps separate the low risk information from the highly sensitive and confidential. What is Data Classification? Data classification is the process of categorising business information based on its level of sensitivity and the impact to the organisation should that data be disclosed, altered, or destroyed without authorisation. It's about understanding what data you have, where it [...]

How do I know my organisation is ready for ISO 27001 certification?

By |2024-08-26T09:14:58+01:00July 8th, 2024|Information Security, ISO27001 Certification|

How to Assess If Your Organisation Is Ready for ISO27001 Certification The importance of information security can't be overstated, especially for organisations handling sensitive client data. Achieving ISO27001 certification not only ensures robust information security practices but also builds trust and confidence in your clients. But how do you know if your organisation is ready to pursue this certification? The Problem: Determining ISO27001 Readiness Many organisations struggle with the first step towards ISO27001 certification: assessing their current readiness and how the current practices align with the [...]

Encryption vs. Password Protection: What you Need to Know

By |2024-07-05T16:30:03+01:00June 24th, 2024|Cyber Security, Information Security|

Encryption vs. Password Protection: What Businesses Need to Know As a business owner, you know that protecting your business information is crucial. But with so many cyber security terms floating around, it can be confusing to understand what you really need to protect your business. Today, let's demystify two common security concepts: encryption and password protection. What is Password Protection? Password protection is like putting a lock on your front door. It's a basic security measure that requires users to enter a secret code (the password) [...]

ISO27001 – Control 5.11 – Return of Assets

By |2024-06-14T14:34:48+01:00June 16th, 2024|Information Security, ISO 27001 Controls, ISO27001 Certification, ISO27001 Implementation|

ISO27001 - Control 5.11 - Return of Assets Control Personnel and other interested parties as appropriate should return all the organization’s assets in their possession upon change or termination of their employment, contract or agreement. What this means When a member of staff, contractor or supplier reaches the end of their employment or contract period, there should be a process in place to ensure that all the organisations assets are returned. This includes devices such as laptops and mobile phones as well as business paperwork (held [...]

ISO27001 – Control 5.10 – Acceptable use of information and other associated assets

By |2024-05-31T16:10:27+01:00June 3rd, 2024|Information Security, ISO 27001 Controls, ISO27001 Certification, ISO27001 Implementation|

ISO27001 - Control 5.10 - Acceptable use of information and other associated assets Control Rules for the acceptable use and procedures for handling information and other associated assets should be identified, documented and implemented. What this means This is all about ensuring that information and associated assets are appropriately protected, used and handled. You should have a procedure which documents the rules for acceptable use and the protection of assets. The organisation should identify the staff and external party users using or having access to the [...]

ISO27001 – Control 5.9 – Inventory of information and other associated assets

By |2024-05-28T12:11:45+01:00May 28th, 2024|Information Security, ISO 27001 Controls, ISO27001 Certification, ISO27001 Implementation|

ISO27001 - Control 5.9 - Inventory of information and other associated assets Control An inventory of information and other associated assets, including owners, should be developed and maintained. What this means Organizations should develop and maintain an inventory of their information assets and other associated resources, including details about who owns each asset. The purpose is to identify all the organization's important information and assets in order to properly secure them and assign clear ownership responsibilities. Ownership should be assigned when assets are created or when [...]

Do I need special Software to get ISO27001?

By |2024-05-31T14:05:39+01:00May 20th, 2024|Information Security, ISO27001 Implementation|

This is a question we get asked regularly "Is the software that is designed to monitor ISo27001 worth the investment?" If your organisation is ISO 27001 certified, you know how important it is to have a systematic approach for monitoring and managing your information security policies and controls. While there are software solutions specifically designed for this purpose, some organisations opt to use spreadsheets to track their compliance efforts. Let's look at the pros and cons of each approach. Dedicated ISO 27001 Compliance Software The advantages [...]

Go to Top