ISO27001 and the Performance Evaluation Clauses


Clause 9, Performance Evaluation, of ISO27001 for Information Security Management Systems is full of that favourite ISO term "shall", which as we all know means you must do what they are asking. Clause 9 is split into 3 subclauses to help focus you onto the things that really drive the performance evaluation requirements in any management: 9.1 Monitoring...


ISO27001 and the Improvement Clause


Clause 10 of ISO27001 Information Security Management Systems (ISMS) is where you get some serious value for your organisation. Along the way to implementing your ISMS you have planned things out, you have implemented your information security management policy, implemented various new processes and systems and in your internal auditing process you...


ISO 27001 and The Annex A Clauses - Clause A6


Clause A6, Organisation of Information Security, of ISO 27001 provides guidance on the management framework of your Information Security Management System (ISMS). Clause A6 is split into two sections: A6.1 covers the Internal Organisation, while clause A6.2 covers Mobile Devices and Teleworking (remote working) which is particularly on...


ISO27001 and The Annex A Clauses - Clause A7 Human Resources Security


When organisations think about Information Security and what things need to be in place to achieve their ISO27001 Information Security Management System (ISMS) certifications, for some reason they mostly forget about the Human Resources function. That is a little strange when you think about it: your relationship with employees and contractors for t...


ISO 27001 and The Annex A Clauses - Clause A8 Asset Management


Often when you start talking about asset management you find that companies don't really have a proper asset list. Sure, they may have a list of capitalised items they have bought that have been added to the 'asset list', but all that is, in reality, is a setup in the finance ledger to capture depreciation – that's not an asset list. ...


ISO27001 and the Annex clauses – Clause A9 Access Control


It's probably fair to say that when people think about information security and ISO27001 they rightly think about passwords, access control and who can see what information. Your Information Security Management System (ISMS) is clearly more than that, but it is a very important part and you do need to spend a large part of your time getting the req...


ISO27001 and the Annex Clauses – Clause A10 Cryptography


When you first think about cryptography and its uses, it's not hard to jump to the realms of James Bond and secret codes that unlock the secrets of organisations and the nation, so why would you need to care about it? The answer is simple really: in today's cloud computing environment, for example, cryptography appears everywhere, in secure computer sy...


ISO27001 and the Annex Clauses – Clause A11 Physical and Environmental Security


When people think about ISO27001 for Information Security Management Systems (ISMS) they tend to think about the world of cyberspace, of virtual set ups and protecting their information from someone on a PC hacking in from the other side of the world. That's certainly a part of it and in reality, a small part of it. Your real-world threats are just as...


ISO27001 and the Annex Clauses – Clause A11 Physical and Environmental Security Pt2 - Equipment


We split ISO27001 for Information Security Management Systems Annex Clause A11 into 2 parts to try and keep it a bit shorter but also to emphasise that you do need to think about both areas as two steps of the process. In Part 1 we talked about Annex Clause A11.1 – Secure Areas, here we'll talk about 11.2 Equipment. It's easy to just think of secure...


ISO27001 and the Annex Clauses – Clause A12 – Operations Security


Annex 12 – Operational Security for your ISO27001:2013 Information Security Management System (ISMS) is a pretty substantial clause since it's all about preventing the loss of availability, integrity and importantly confidentiality of your business information. By substantial we mean there are 14 separate elements for you to think about controls th...

