Risk Assessments
Top 10 risks to include in an information security risk assessment
An ISO 27001 risk assessment should have five key steps. In this blog, we look at the second step in the process: identifying the risks that organisations face. How to identify threats You ...
The Statement of Applicability in ISO 27001
When it comes to ISO 27001 compliance, the SoA (Statement of Applicability) is one of the key documents you must complete. It identifies the controls you have selected to address information security ...
ISO 27005 and the risk assessment process
ISO 27005 describes the risk management process for information and cyber security. It’s part of the ISO 27000 series, which means its advice is part of a wider set of best practices to protect ...
How to produce a risk treatment plan
The risk treatment plan is one of the mandatory documents that must be produced as part of a certified ISO 27001 ISMS (information security management system). It provides a summary of each ...
Risk terminology: Understanding assets, threats and vulnerabilities
Whether you’re addressing cyber security on your own, following ISO 27001 or using the guidance outlined in the GDPR (General Data Protection Regulation), the process begins by assessing the risks you face ...
The best risk assessment template for ISO 27001 compliance
ISO 27001 is the most popular information security standard worldwide, and organisations that have achieved compliance with the Standard can use it to prove that they are serious about the information they ...
How to write an information security risk assessment methodology
The purpose of an information security risk assessment is to prioritise threats so that you can allocate time and resources appropriately. To do that, you need a way of calculating the severity ...
What to expect from Stage 1 and Stage 2 ISO 27001 audits
Those who are just getting to know ISO 27001 will no doubt find the audit a daunting prospect. It’s a big, complex task that can be tricky for even experienced professionals. But, ...
Identifying assets for conducting an asset-based risk assessment
One of the first things organisations must do when implementing ISO 27001 is identify their information assets. After all, it’s only once you know what needs to be protected that you can ...
6 of the best reports for your ISO 27001 audit
ISO 27001 audits can be intimidating, especially if it’s the first time that your ISMS (information security management system) has been audited. So how can you make sure you’re doing everything that ...