Blog

Organisational Controls: Crafting Policies and Defining Responsibilities in A.5.1 - A.5.4

The controls listed in Annex A of ISO 27001 have been updated in the new 2022 version of the standard to reflect the emergence of cloud technologies and the new threats that have emerged since the previous version was published back in 2013. They essentially tell you what you should do to minimise (or eliminate) the risks associated with your information security management system (ISMS). One strengths of ce...
Blog

Information security in the media industry: Broadcasting with ISO 27001 certificate

Information is the most important economic asset for media companies. Accordingly, information security and data protection are key issues in the media industry - especially against the backdrop of rapidly increasing cyber attacks and state-motivated disinformation campaigns. But how does a service provider for large public and many private broadcasters deal with this challenge? LOGIC media solut...
Blog

Building Strong ISMS Objectives with Examples

One thing which can cause some confusion, and which we get asked to clarify during ISO 27001 audits, is the objectives of an ISMS. So we have decided to post this blog on tips and tricks for determining appropriate objectives which are relevant to your organisation.
Blog

Optimising Capacity and Defending Against Malware: ISO 27001 Controls A.8.06 & A.8.07 Explained

This post investigates how you can meet controls A.8.06 and A.8.07 to ensure that you have sufficient capacity to deal with the workload within your business, covering both technical capacity and other resources. We will also go through how to protect your systems from malware.
Blog

Why ISO 42001 is the Essential Strategic Upgrade to Your ISO 27001 Certification

For years, achieving ISO/IEC 27001 certification has been the gold standard for demonstrating a commitment to information security in Hong Kong. Your organization has likely invested significant resources to build and maintain its Information Security Management System (ISMS), securing your critical data assets and earning customer trust. But in an era where 75% of Hong Kong banks are already dep...
Blog

From Secure Areas to Off-Site Assets: Strengthening Physical Security with Controls A.7.6 - A.7.9

This blog post will continue through the Physical Controls of ISO 27001:2022, covering controls A.7.6 through to A.7.9. These controls continue the protection of the physical premises where your data is stored and used, with a focus on the working areas and on controls around securing the work being done.
Blog

ISO 19011 - How to manage audits competently

ISO 19011 is an internationally recognized standard for auditing management systems, for example quality management systems according to ISO 9001 or information security management systems according to ISO 27001. It is applicable to all organizations and companies that perform internal and/or external audits of management systems or are responsible for managing an audit program.
Blog

Watch, Detect, Respond: Tips for Logging & Monitoring Activity on your system with ISO 27001:2022 Controls A.8.15 and A.8.16

This is another reasonably long post, which covers considerations on logging and monitoring activities within your systems. These form the basis of understanding and tracking what is happening within the system, and of the ability to use that information to inform you when key information is accessed and unexpected actions are performed.
Blog

Fortifying the Supply Chain: A Guide to Controls A.5.19 - A.5.23

As we keep going through the Organisational controls of ISO 27001:2022, this article focuses on controls A.5.19 through to A.5.23. We will cover all things related to suppliers, including agreements, managing security within the supply chain and monitoring, review and managing changes with your suppliers. We will also include specific details about cloud suppliers.
Blog

Securing the Backbone: Tips for Protecting Media, Cabling, and Equipment in Controls A.7.10 – A.7.14

In this post, we will cover the remaining Physical Controls of the ISO 27001 standard. This will include any equipment and storage media which may be kept at your physical premises, and its disposal or re-use, as well as the security of cabling to prevent it from being used to intercept information or disrupt your digital services.