A blog about GRC (Governance, Risk Management, and Compliance)

Do you need to explain what ISO 27001 is?

[fa icon="calendar'] Wednesday, 29 November 2023 / by NorthGRC under ISO Standards & Certification

[fa icon="comment"] 0 comments

We've produced this video to help you communicate the main components of an Information Security Management System (ISMS), as described in ISO 27001. You may need this information when talking to your company's management team, and getting onboard in securing your business.

Watch the video explaining what ISMS and ISO27001 are.

 

These four facts about ISO 27001 and an ISMS are vital in your work as someone who deals with information security, risks, or IT in general. Understanding the fundamentals and getting started the right way is the biggest step of them all.

 

The four facts about ISO27001 are:

  1. ISO27001 is an international standard about how to manage your information security
  2. You must know your risks!
  3. You need an Information Security Policy
  4. It is a process, not a project!

 

We are experts in information security (ISO 27001/-2) and GDPR, and our ISMS is an intuitive cloud-based platform where you can handle everything you need in regards to both ISO27001/-2 and GDPR.

 

Get deeper into information security, GDPR, and our ISMS either by browsing our knowledge base or visiting the main ISMS page here.

More [fa icon="long-arrow-right"]

ISMS: The value you can measure is the value you deliver

[fa icon="calendar'] Monday, 12 November 2018 / by Jakob Holm Hansen under ISO Standards & Certification

[fa icon="comment"] 0 comments

ISMS performance monitoring allows security officers to document specific business values while also enhancing the level of security within the organisation. A white paper provides inspiration on how to select, define, and monitor effects in an ISMS solution.

More [fa icon="long-arrow-right"]

Six questions about the ISO 27001 revision (with answers)

[fa icon="calendar'] Tuesday, 30 April 2013 / by Jakob Holm Hansen under Risk Managment, ISO Standards & Certification

[fa icon="comment"] 0 comments

How does the ISO 27001 revision impact your risk management?

More [fa icon="long-arrow-right"]

Three ways the ISO 27001 revision will affect your company

[fa icon="calendar'] Monday, 15 April 2013 / by Jakob Holm Hansen under ISO Standards & Certification

[fa icon="comment"] 0 comments

It has been eight years since the ISO 27001 standard was last revised but now changes are coming.

More [fa icon="long-arrow-right"]

4 responsible shortcuts to good enough risk assessments

[fa icon="calendar'] Wednesday, 23 May 2012 / by Jakob Holm Hansen under ISO Standards & Certification

[fa icon="comment"] 0 comments

Information security standards have at least two characteristics: 1) they can cure most sleep problems and 2) some describe a relatively perfect world where those responsible for information security have plenty of time and where there are enough resources to analyse needs and document decisions. Even though I may have started this post a little sarcastic, I'm actually a big supporter of standards and "best practice"; I see no reason to reinvent good stuff. I cannot do anything about the standards being boring, but I write this post to suggest some responsible shortcuts to a good start on risk assessments and as a pragmatic approach to ISO 27001 compliance (should you want that).

More [fa icon="long-arrow-right"]

GRC blog

The NorthGRC blog offers advice and knowledge of effective information security management, security strategies, risk management, compliance with information security standards and other requirements, business continuity planning, ISO2700x, EU Data Protection Regulation, PCI DSS, etc.

Popular Posts