Most ISO 27001 projects stop at “pass the audit.” That’s fine when the only goal is a certificate. However, this approach leaves a lot of
This is a case-study about the certification path of kicker.cloud, a very small startup company, its SaaS product and high ambitions aiming towards a global market. kicker.cloud encountered the same issues so many others have faced before and will in the future – the dreaded procurement Excel-sheets with seemingly endless amounts of security requirements that need to be addressed before any business deals can go ahead.
Within the context of ISO 27001, risk comes up as a topic all over the place. The standard itself, as most of ISO standards nowadays
As part of the ISO/IEC 27001 certification process, organizations must conduct regular internal audits to ensure compliance and identify areas for improvement. One common dilemma faced by businesses is whether to conduct these audits internally or engage an external company to do it.
The average life expectancy of an ISO standard is about five years, at a time. When the hourglass has run out of sand, a voting will take place to decide whether to maintain the ISO standard as-is, revise it or withdraw the standard altogether.
All organizations are unique in their security needs and capabilities, and ISO 27001 does not seek to change that fact. The standard guides the adoption of appropriate processes and practices to improve, clarify, and maintain information security as an integral part of day-to-day operations.
Do you seek ISO 27001 compliance? Thomas has blogged about starting points for ISO 27001 certification project. This blog unwraps the importance of risk management in pursuit of ISO 27001 certification.
How much common ground is shared between technical vulnerability scanners and the de facto global information security standard? Quite a lot, actually. In this blog post we examine how Holm Security VMP platform meets ISO 27001 requirements for detecting vulnerabilities in an organization’s information systems, assessing the involved risks and taking corrective actions.
Planning for an industry standard compliant information security management system — in brief: carrying out an ISO 27001 project — can break cover from various starting points. Some organizations have already familiarized themselves with the standard, some have even written the first mandatory documents. Yet for many, this article could be the first contact with any form of security work at all.
