Who should you put in charge of implementing ISO 27001?

You’re only as good as the company you keep, so the saying goes. Without doubt, one of the most important things to get right when implementing the ISO 27001 Information Security Management System is building the right team for the project. It’s Not Just IT: All too often, people think ISO 27001 is all about IT and […]

How to determine the scope of your ISO 27001 certification

One of the first and most important things you will have to do when thinking about implementing ISO 27001 is identify the ‘scope’ of your Information Security Management System (ISMS). The scope defines how far the system will extend within your organisation. It also states what will not be included and why it is not included. Tendering for Contracts: It’s vitally […]

What is ISO 27001? Who needs it? Why?

Now, it’s true to say that in this day and age most organisations store the bulk of their information digitally – but by no means all of it. Look around your own workplace and you will be surprised how much is still kept in paper files and even in people’s brains! The way we […]

Common information security breaches in business

When you’re building your information security defences, you obviously need to prioritise where to focus your energy and resources. This means you need to know where to look for weaknesses, understand the kinds of things that typically go wrong, and then identify where your vulnerabilities are. Obviously you’ll do this as part of your risk […]

Top 10 non-conformities with ISO 27001

The ISO 27001 Information Security Management System (ISMS) has rapidly increased in popularity in the last few years. The primary driver is, of course, concerns about the security of digitally stored data. But with ISO 27001, it’s not just about online hacks; the system encompasses all information in whatever format it’s held. And as well as the […]

Cybercrime: The third largest economy and the scale of threat to UK businesses

Back in 2020, it was reported that if it were measured as a country, then cybercrime would be the world’s third-largest economy after the United States and China. So it’s hard to overstate the significance of the issue. Looking at matters on a more local level, the Government’s own statistics show that 39% of UK […]

The New ISO 27001:2022 Information Security Management Systems standard has been released

The updated version of the ISO 27001 standard has now officially been released. Its full title is ISO/IEC 27001:2022 Information Security, Cybersecurity and Privacy Protection — Information Security Management Systems — Requirements. If you’re already ISO 27001 certified, changes have been introduced to the 2013 version of the standard that will eventually impact your ISO 27001 Information […]

Strengthening Your ISO 27001 Information Security Management System with the ISO 27017 and ISO 27018 Codes of Practice

The ISO 27001 Information Security Management System standard has become a fixture of many industries and organisations. And just like a successful film franchise, it has spawned several sequels and spin-offs. In some cases, these are ‘Codes of Practice’ related to specific industries or applications. There are over 40 of these and some have multiple parts. Some are auditable […]

Things to know before you get started with ISO 27001

As many organisations start to examine how well they responded to Covid-19 and how they could have done better, the topic of ‘business resilience’ arises. In the world of management systems, the obvious one that springs to mind which would have helped organisations ride this out is ISO 22301 Business Continuity Management Systems. Having plans […]

Adhering to data protection legislation with BS 10012:2017

Let’s remind ourselves of the situation regarding data protection in the UK. First up is the flavour-of-the-month General Data Protection Regulations (GDPR). This is an EU regulation and directly applies to all European Union member states, including the UK, at least until Brexit (and almost certainly beyond). Second, running in parallel with this, is the UK’s new Data […]