How long does an ISO 27001 risk assessment take?

Completing a risk assessment is often the most complex and difficult aspect of an ISO 27001 project. Whatever tool you decide to use in your project, it needs to take into account many elements, such as assets, threats, vulnerabilities and controls, and the likelihood and impact values of those threats ...
ISO 27001 risk assessments: The problem with using spreadsheets

An ISO 27001 risk assessment is at the core of your organisation’s information security management system (ISMS). Those new to tackling this complex step may rely on using a manual, inexpensive solution such as spreadsheets, but there are many disadvantages to doing so. Why using spreadsheets for your risk assessment ...
Example of data mapping in preparation for the GDPR using the Data Flow Mapping Tool

GDPR data mapping: How to tackle complex processes

As part of your EU General Data Protection Regulation (GDPR) compliance project, your organisation will need to understand what personal data it processes. You will likely choose data mapping as a way to meet these requirements. Key elements of data mapping: A data flow map of a process should chart ...
How to create a risk treatment plan for your information security management system

A risk treatment plan (RTP) is one of the mandatory reports that you will need to produce for your ISO 27001 information security management system (ISMS). What is a risk treatment plan? An RTP provides a summary of each of the identified risks, the responses that have been determined for ...
Example of using the Data Flow Mapping Tool to map methods of transferring data

GDPR data mapping key elements

Data mapping will be a key part of your compliance project in the run-up to the EU General Data Protection Regulation (GDPR) compliance deadline of May 2018. The Regulation introduces numerous changes – and the change from complying with the current Data Protection Act (DPA) to the GDPR is a ...