The General Data Protection Regulation (GDPR), agreed in December 2015 and refined in early 2016, sets out new laws to govern the security of personal…
As part of a series of frequently asked questions, we look at the classic – “is ISO 27001 certification worth it?” In order to answer…
One question we are often asked with regard to cryptographic controls is “how does SSL work with HTTPS?” And as we are using HTTPS to…
Leadership and Commitment in ISO 27001 is a relatively new control, situated under clause 5.1 of the system requirements. This article explores what is meant…
If you are new to ISO 27001, and ISO standards in general, then internal audit may be an area where you have several questions. For…
When deciding on a risk assessment methodology, one question that usually pops up is: quantitative vs qualitative risk assessments – what is the difference between…
In this article we explore control A.14.1 Security Requirements of Information Systems. This can be thought of as a control that not only governs procurement…
With the introduction and strong uptake of cloud computing in recent years, we are often asked how ISO 27001 and Cloud Computing work together. Specifically,…
The objective of information transfer policies and procedures in ISO 27001 is to control the flow of information in a secure manner between the organisation…
One question that we are often asked is “how long does it take to implement ISO 27001?”. With many organisations requiring ISO 27001 alignment or…