Having too many security solutions is as bad as having too few

When you’re considering your organisation’s cyber security measures, there are two things you must consider: do these controls work now, and will these controls work in the future? The first issue is comparatively easy to assess, because any solution you adopt should be designed to address a specific issue and ... Read More

The Statement of Applicability in ISO 27001

When it comes to ISO 27001 compliance, the SoA (Statement of Applicability) is one of the key documents you must complete. It identifies the controls you have selected to address information security risks, explains why those controls have been selected, states whether they’ve been implemented, and explains why any Annex ... Read More

The best risk assessment template for ISO 27001 compliance

ISO 27001 is the most popular information security standard worldwide, and organisations that have achieved compliance with the Standard can use it to prove that they are serious about the information they handle and use. ISO 27001 is the globally accepted standard that offers clients the assurance that the organisation ... Read More

What to expect from Stage 1 and Stage 2 ISO 27001 audits

Those who are just getting to know ISO 27001 will no doubt find the audit a daunting prospect. It’s a big, complex task that can be tricky for even experienced professionals. But, as with many challenges, you can overcome any concerns by preparing. Once you understand how the process works, ... Read More

Identifying assets for conducting an asset-based risk assessment

ISO 27001, Risk Assessments
One of the first things organisations must do when implementing ISO 27001 is identify their information assets. After all, it’s only once you know what needs to be protected that you can determine the threats associated with them and put in place appropriate defences. An information asset is any piece ... Read More

6 of the best reports for your ISO 27001 audit

ISO 27001 audits can be intimidating, especially if it’s the first time that your ISMS (information security management system) has come under scrutiny. So how can you make sure you’re doing everything that you should? This blog helps settle your nerves, providing essential advice to ensure your audit is successful ... Read More

70% of organisations admit non-compliance with the GDPR: balancing data privacy and data security

EU GDPR, GDPR
The concepts of data privacy and data security might sound similar, but each involves a totally different set of processes and skills for comprehensive data governance. Data privacy relates to the protection of PII (personally identifiable information) – payment card details, email addresses, medical data, education, criminal history, etc. Data ... Read More