Within the context of ISO 27001, risk comes up as a topic all over the place. The standard itself, as most of ISO standards nowadays

As part of the ISO/IEC 27001 certification process, organizations must conduct regular internal audits to ensure compliance and identify areas for improvement. One common dilemma faced by businesses is whether to conduct these audits internally or engage an external company to do it.

The average life expectancy of an ISO standard is about five years, at a time. When the hourglass has run out of sand, a voting will take place to decide whether to maintain the ISO standard as-is, revise it or withdraw the standard altogether.

All organizations are unique in their security needs and capabilities, and ISO 27001 does not seek to change that fact. The standard guides the adoption of appropriate processes and practices to improve, clarify, and maintain information security as an integral part of day-to-day operations.

Do you seek ISO 27001 compliance? Thomas has blogged about starting points for ISO 27001 certification project. This blog unwraps the importance of risk management in pursuit of ISO 27001 certification.

Planning for an industry standard compliant information security management system — in brief: carrying out an ISO 27001 project — can break cover from various starting points. Some organizations have already familiarized themselves with the standard, some have even written the first mandatory documents. Yet for many, this article could be the first contact with any form of security work at all.