ISO 27001: Understanding the needs and expectations of interested parties

Category: ISO 27001
Clause 4.2 of ISO 27001 details the needs and expectations of interested parties. An interested party is essentially a stakeholder – an individual or a group of people affected by your organisation’s information security activities. To identify your interested parties, ask yourself who is important for your organisation, who is ...
How to choose the right strategy for ISO 27001 risk management

Category: ISO 27001
ISO 27001 is designed to help organisations identify the right approach to take when managing risks. You can’t apply defences to every threat you face, because that would be impractical and prohibitively expensive, so you need to determine when mitigation is the right strategy and when other risks can be ...
A key part of the risk assessment involves scoring risks based on the likelihood that they will occur and the damage they will cause.

How to write an information security risk assessment methodology

The purpose of an information security risk assessment is to prioritise threats so that you can allocate time and resources appropriately. To do that, you need a way of calculating the severity of these threats; that’s where the information security risk assessment methodology comes in. A methodology enables organisations to ...
Managing risks according to Clause 6 of ISO 27001

Category: Latest news
Clause 6 of ISO 27001 is one of the most important aspects for compliance, as it covers the actions you must take to address information security risks. Everything else you do to meet the Standard’s requirements informs or revolves around the steps you take here. Mistakes at this stage could ...

Monthly cyber security review: December 2019

Category: Latest news
We’re back with another round-up of some of the most notable information security stories of the past month. In this edition, we discuss a hospital employee who abused their power to contact patients, an update on last year’s Ticketmaster data breach and an upsetting incident at a Scottish high school ...

Monthly cyber security review: November 2019

Category: Latest news
As we enter December, many organisations slow down as they turn their attention to Christmas. Office parties, secret Santas and discussions of when it’s acceptable to put the tree up start to take precedence over work, as employees kill time hoping not to start any big projects that could ruin ...

What you need to know about accountability under the GDPR

Category: Latest news
Accountability is an essential principle of the GDPR (General Data Protection Regulation). It requires organisations to take responsibility for compliance and to demonstrate their actions. The concept was implicit in the GDPR’s UK predecessor, the Data Protection Act 1998, but the GDPR goes further, outlining specific measures that organisations must ...
Why you should use KPIs for ISO 27001 compliance

Category: Latest news
ISO 27001 compliance is a complex, ongoing process, which organisations should track using KPIs (key performance indicators). In this blog, we explain what KPIs are and how they fit into your ISO 27001 compliance project, and provide examples that can boost your compliance practices. What are KPIs? KPIs are a ...
The Statement of Applicability in ISO 27001

The SoA (Statement of Applicability) is one of the key documents when it comes to ISO 27001 compliance. It identifies the controls you have selected to address information security risks, explains why those controls have been selected, states whether they’ve been implemented, and explains why any Annex A controls have ...
How to identify sensitive personal data

Category: EU GDPR
You won’t get far with your GDPR (General Data Protection Regulation) compliance activities if you don’t know what’s considered personal data. But it’s not as simple as identifying whether the information you’re processing is in the Regulation’s scope, because the GDPR defines a second set of ‘special’ categories of personal ...