Every standard has a requirement that you understand and meet your legal, statutory, regulatory, or contractual obligations. Organisations should have a register to manage these things where you can list out what the requirement is and how you meet that requirement. It shouldn't need a standard to tell you that you need to meet your obligations, but for som...
Like many of the ISO standards, ISO27001 for information security management systems needs you to have a relationship with your supplier. That relationship, of course, should be one of mutual benefit and respect. What Annex clause A15 does however, is set up the requirements for implementing some targets in terms of information security requirement...
Information has always been a premium resource; it's always been something that has been controlled and guarded to ensure that those who shouldn't have it, don't. If you look back through the ages it's always been there: the Romans had the Cursus publicus, which was their courier system; much like today's couriers, these were people entr...
When organisations start thinking about information management and the security of that information they automatically look towards their IT, and typically the CIO or IT Manager gets the call and is told to 'secure it', because it's that simple, right? Wrong! And wrong in a number of ways.
Information is all around
Firstly, it's important to not think a...
When you make the decision to really look at information security there are a number of options available to you in terms of how to do it and what standards to follow - NIST, COBIT, ISA, CIS or ISO. The great thing about ISO27001 for Information Security is that it really does cover all the bases and like the updates to ISO9001, 14001, 45001, ISO 2...
When you parked your car this morning did you lock it and put valuables in the boot, so they don't get stolen? What about when you left your house, I bet that was locked up, windows closed, oven and cooker off so as not to burn the place down. You don't want to come home and find that your house is empty of all your possessions, that your family photo...
I often ask people I'm working with, "if you want to fix something, to improve it, then what is the 1st thing you have to have in order to be able to do that?" I get all sorts of answers, usually most of these resulting in spending a lot of money, which seems to be the default approach – there's a problem, let's spend money. The real answer is actuall...
Ever wonder why processes and systems break down in your organisation? The answer is normally pretty simple and comes back to just one word, Responsibility. If you don't assign responsibility to someone to get a task done or own a process, then guess what, it'll fall over. All processes and systems left unattended eventually just fall over, it's call...
Let's face it, when it comes to any form of system, process or way of working, the one sure thing that will kill it quickly and drive staff morale into the gutter is lack of management commitment. We spoke about the need for this in depth when we looked at the requirements of ISO9001:2015 for Quality Management Systems and it's exactly the same requir...
When people start out on the journey for ISO27001 sometimes they can forget to stop and really think about the design of their Information Security Management System (ISMS), eventually it catches up with them and it happens. One factor in that design that most seem to gloss over however is the Values that the system is based around and that's what ...
