Once you have successfully attained Cyber Essentials Plus (CE+) certification and the celebrations are over, what do you do? Do you just sit back and be happy that CE+ has been achieved or do you build upon it? Well, it all depends on why you undertook to achieve CE+ in the first place. Many companies […]
Before choosing an ISO certification body for your ISO 27001 certification you need to understand the reasons for obtaining the certificate. Many clients want the ISO certificate to demonstrate to clients and partners that they take information security seriously. Others have requirements for certification to allow them to bid for certain contracts. There are a […]
In this new business era of virtual working, I have been asked how to maintain your ISO compliance with staff working from home and while it poses some problems, it’s certainly not difficult. The first thing to remember is that ISO 27001 defines the requirements for the Information Security Management System (ISMS). This ISMS has […]
Many things that are important in getting ISO 27001 compliant but in this blog post, I’ve narrowed it down to just 4 key areas. Trust me. By focussing on these objectives, you will greatly simplify your journey. Make it relevant First things first. You need to make it relevant. People will be more supportive if […]
ISO 27001 Audits can be stressful for those involved as a lot riding on the audit’s outcome. This is especially true if it’s the organisation’s first audit and there’s a compelling commercial reason to achieve ISO 27001 certification. Heads might roll if they don’t pass the audit. The ISO certification audit comes in two stages […]
The General Data Protection Regulation (GDPR) may have come into force in 2018 but 2019 was the dominating year for it. Last year, we saw companies put more effort into not only achieving GDPR compliance but into actively maintaining it. This is harder to do than it might seem — as just one mistake can result in a […]
If you’re about to embark on the journey to ISO 27001, or if you’ve achieved the certification and are now in the process of maintaining it, then the new privacy information management extension to ISO 27001 could be something you may want to consider. It was purposefully developed to address and assist organisations in meeting […]