Blog

ISO 27001 Demystified

So, your company has been tasked with ISO 27001 compliance. What exactly does this entail? What steps should you take? In this blog post, we aim to address these questions, providing you with clear guidance on what needs to be done to get you to certification stage.

Blog

Implementing Web Filtering and Encryption in Line with ISO 27001 Controls A.8.23 – A.8.24

As digital threats continue to evolve, controlling how users access the internet and protecting data through encryption are essential elements of any modern information security management system (ISMS). These are addressed through two key controls: A.8.23 Web Filtering and A.8.24 Use of Cryptography in ISO 27001:2022. In this post, we explore these controls and provide practical tips on how ...

Blog

AWS and Azure Are ISO 27001 Certified — But That Doesn't Mean Your Company Is

"We run everything on AWS. AWS has ISO 27001 certification. So we should be covered, right?" This is one of the most common — and most consequential — misunderstandings among IT managers and business decision-makers in Hong Kong. As cloud adoption accelerates across the city's financial services, logistics, healthcare, and professional services sectors, more enterprises are migrating core systems ...

Blog

Mitigating Threats Through Effective Management of Vulnerabilities and Configurations in ISO 27001:2022 Controls A.8.08 and A.8.09

In this instalment of our ISO 27001:2022 blog series, we delve into two critical controls from Annex A: A.8.08 Management of Technical Vulnerabilities and A.8.09 Configuration Management. These controls are vital for maintaining a secure and resilient information security environment, helping organisations proactively address vulnerabilities and establish robust configuration practices. In this p...

Blog

SOC 2 vs ISO 27001: Which Information Security Framework is Right for You?

In today’s digital economy, trust is currency. Whether you’re a SaaS provider scaling across markets or an enterprise processing sensitive client data, demonstrating your commitment to information security is no longer optional—it’s a prerequisite for doing business. Among the most recognized standards for managing and safeguarding data are SOC 2 Attestation and ISO 27001 Certification. They oft...

Blog

Mitigating Cyber Risks in Financial Services: The Impact of ISO 27001 Certification

In today’s digital world, where data privacy and protection are critical, organizations must prioritize information security. The growing number of cyber threats makes it essential for companies to safeguard sensitive information, whether it pertains to customers, employees, or partners. This is why businesses around the globe are implementing structured frameworks of policies and procedures to m...

Blog

Lessons learned from ISO 27001 - a case study of ENTERBRAIN Software

Information security is a must today - as evidenced by the daily news of cybercriminal attacks on organizations of all sizes and in all industries. Small and medium-sized enterprises in particular, but also many large companies, still do not have suitable protection for sensitive data and information against unauthorized access. The software service provider ENTERBRAIN is a good example of the su...

Blog

Risks, Opportunities, Objectives and Plans: Tips on implementing ISO 27001 Clause 6

The bedrock of ISO 27001 lies in managing risks and opportunities. The introduction to the standard clearly emphasises the importance of the information security management system (ISMS) in preserving the confidentiality, integrity, and availability of information. To instil confidence in interested parties, a robust system for managing risks and opportunities is imperative.

Blog

Understanding Clause 7.5: Documented Information

In the labyrinth of ISO 27001, one clause often causing headaches is 7.5 - Documented Information. The perennial dilemma of documenting enough without overdoing it can be a real challenge. Let's unravel the intricacies of this clause to shed light on what ISO 27001:2022 demands and how to navigate the documentation maze.

Blog

Practical Advice for Locking Down the Network with ISO 27001 Controls A.8.20–A.8.22

As part of ISO 27001:2022 Annex A, section 8 on technological controls, controls A.8.20 to A.8.22 focus on a critical component of information security: the network. Whether your organisation operates from a single office, supports remote workers, or has a complex multi-site infrastructure, network security forms the backbone of protecting data as it flows across systems and boundaries. In this p...