ISO 27001 Clauses 4-10: A Complete Guide

ISO 27001 Clauses

ISO/IEC 27001 is an international standard for creating an information security management system (ISMS). It provides a systematic approach for organisations to manage and protect their sensitive information. The standard is broken down into the mandatory Clauses (4-10) and the Annex A security controls; every organisation that intends to be ISO 27001 compliant must meet the Clauses, while the Annex A controls are selected through risk treatment and justified in the Statement of Applicability. The […]

How to Prepare for an ISO 27001 Audit

ISO 27001 Audit

In the world of information security, there are many frameworks and countless guidelines. But among them all, one standard rules them all. Originating from the Plateau of Gorgoroth in Northwestern Mordor, it towers high above the rest, peering deep into the very hearts of organisations like the Eye of Sauron; controlling information security for all […]

ISO 27001: Steps to Write a Statement of Applicability

ISO 27001 Statement of Applicability

A central component of becoming compliant with ISO 27001 is creating a Statement of Applicability (SoA). This is a document in which a vast number of controls (defensive policies, procedures, techniques and mechanisms) are considered, and the applicability of each one is weighed up against your organisation’s risks. While a […]

How Agrimetrics Successfully Attained ISO 27001 Certification

About the Company

Agrimetrics, founded in 2014, is a leading Agri-tech Centre dedicated to revolutionising the agrifood sector through a thriving Data Marketplace that facilitates the sharing, monetisation, and accessibility of data. With a strategic goal of feeding 10 billion people by 2025, Agrimetrics has been at the forefront of utilising data for its operations […]

ISO 27001 Penetration Testing Requirements – Risk Crew

ISO 27001 Penetration Testing

A common question that comes up when implementing ISO 27001 is: Should I include security penetration testing in my Information Security Management System (ISMS) programme to comply with the ISO 27001 standard and meet auditor expectations? The answer is both yes and no — depending on how you look at it. The standard does not […]

ISO 27001 Information Security Tips to Jump the Hurdles of Compliance

When looking to embark on achieving ISO 27001 Compliance, every organisation should know what challenges are ahead, in order to overcome them. It doesn’t have to be that hard if you know the hurdles. Risk Crew would like to share some tips to jump the hurdles when it comes to building your Information Security Management […]

ISO 27001 Compliance Checklist: The Documentation Required

ISO 27001 Checklist

Documenting your information security management system (ISMS) for evidence of compliance with the ISO 27001:2022 standard can be confusing as it is not clear which documents are mandated and which are discretionary. Consequently, most of us overcompensate and produce far more paperwork than we need causing redundant and conflicting policies to confuse our stakeholders, staff […]

Going Beyond Cyber Essentials Plus Certification

Cyber Essentials Plus

Once you have successfully attained Cyber Essentials Plus (CE+) certification and the celebrations are over, what do you do? Do you just sit back and be happy that CE+ has been achieved or do you build upon it? Well, it all depends on why you undertook to achieve CE+ in the first place. Many companies […]

How to Choose a UKAS Accredited ISO 27001 Auditor

ISO 27001 Auditing Company

ISO 27001 Accreditation Bodies UK

Before choosing a certification body for your ISO 27001 certification you need to understand your reasons for obtaining the certificate. Many organisations want the ISO certificate to demonstrate to clients and partners that they take information security seriously. Others need certification to be allowed to bid for […]

Risk Crew