
Blog

Watch, Detect, Respond: Tips for Logging & Monitoring Activity on your system with ISO 27001:2022 Controls A.8.15 and A.8.16

This is another reasonably long post, which covers considerations on logging and monitoring activities within your systems. These form the basis of understanding and tracking what is happening within the system, and of the ability to use that information to inform you when key information is accessed and unexpected actions are performed.
Blog

Fortifying the Supply Chain: A Guide to Controls A.5.19 - A.5.23

As we keep going through the Organisational controls of ISO 27001:2022, this article focuses on controls A.5.19 through to A.5.23. We will cover all things related to suppliers, including agreements, managing security within the supply chain and monitoring, review and managing changes with your suppliers. We will also include specific details about cloud suppliers.
Blog

Securing the Backbone: Tips for Protecting Media, Cabling, and Equipment in Controls A.7.10 – A.7.14

In this post, we will cover the remaining Physical Controls of the ISO 27001 standard. This will include any equipment and storage media which may be kept at your physical premises, and their disposal or re-use, as well as the security of cabling to prevent it from being used to intercept information or disrupt your digital services.
Blog

Navigating Legal, IP and PII Requirements in ISO 27001 Controls A.5.31 - A.5.34

In this post, we will cover the regulatory, legal and other requirements that are relevant to businesses, including how to manage them to protect yourself from any potential litigation or other legal disputes. Controls A.5.31 to A.5.34, which deal with privacy, including intellectual property, personally identifiable information (PII) and how records are protected, will be covered.
Blog

Strengthening User Device Security with Control A.8.01

This post will be the start of the journey through Section A.8 - Technological controls of Annex A of the ISO 27001:2022 standard. The controls in A.8 will cover all technology-based controls within your ISMS, from user access and authentication, antivirus, network security, software, logging and monitoring among others. We begin with what is one of the largest risks and broadest categories…. Use...
Blog

Information security for SMEs

Industry 4.0, digitalization, and artificial intelligence: it's hard to imagine everyday working life without digital data flows. No matter how small or large your company is, which industry it belongs to, or whether it operates internationally or not, the topic of information security concerns everyone. Small and medium-sized enterprises (SMEs), in particular, should therefore see the revision o...
Blog

ISO 27001 Clause 5: A Focus on Leadership, Commitment, Responsibility and Information Security Policy

Welcome to our latest blog post dedicated to navigating the complexities of implementing an ISMS. This post will focus on the leadership and commitment necessary for the successful establishment, implementation, maintenance, and continual improvement of an ISMS. From fostering leadership buy-in to establishing clear roles and responsibilities, join us as we explore the critical steps required to ...
Blog

Revision of ISO 27002 - These are the changes

#27002: A refreshing revision of the standard with a streamlined structure, new content and contemporary indexing. In the first quarter of 2022, the update of ISO/IEC 27002 has been released as a harbinger for the revision of ISO/IEC 27001 expected in the fourth quarter of 2022. Read here what has changed with the new ISO 27002:2022 - and what this means in terms of the revision of ISO 27001:2022...
Blog

The new ISO/IEC 27001:2022 - key changes

Value-added business processes are driven by information and data. Without information exchange, nothing works in our digital economy. Our basic services are based on critical infrastructures whose functionality is highly dependent on the exchange of information and data. Information security extends far into the reality of our work and lives. Protecting information-driven daily operations, criti...
Blog

If you don’t have it, malicious actors can’t get it. Deleting, masking and preventing data leakage with controls A.8.10 and A.8.11 of ISO 27001:2022.

This is a reasonably long post, which covers considerations on how you handle and store data. We include data masking and leakage prevention to help you protect the important data within your system. But first, we start with information deletion: working out how and when to remove data from your system. As the saying goes, if you don’t have it, it can’t be stolen.