
Blog

Developing and Releasing Secure Software with ISO 27001 Controls A.8.28–A.8.31

As digital systems become increasingly complex and interconnected, ensuring the integrity, resilience, and security of technical environments is more critical than ever. We continue our analysis of data security within the SDLC by looking at controls A.8.28 (Secure Coding), A.8.29 (Security testing in development and acceptance), A.8.30 (Outsourced development) and A.8.31 (Separation of developme...
Blog

ICT security for business continuity - control 5.30 in ISO 27001

Smoothly functioning information and communication technology (ICT) is essential for maintaining business processes in the context of digitalization. Even the shortest outages and disruptions are often accompanied by severe financial losses. Hackers exploit this potential for damage when they encrypt data and systems in sophisticated ransomware attacks and only release them after high ransoms hav...
Blog

Why ISO 27001 Is Critical for Hong Kong's Stablecoin Sector: Hidden Risks and Governance Gaps

As Hong Kong positions itself as a global hub for virtual assets, the rise of stablecoins is transforming the financial landscape. With over USD 1.5 billion raised by fintech startups in early 2025 and an increasingly favorable regulatory stance from the Hong Kong Monetary Authority (HKMA), the city is becoming a magnet for Web3 and blockchain finance. However, behind the boom lies a critical que...
Blog

Organisational Controls: Crafting Policies and Defining Responsibilities in A.5.1 - A.5.4

The controls listed in Annex A of ISO 27001 have been updated in the new 2022 version of the standard to reflect the emergence of cloud technologies and the new threats that have emerged since the previous version was published back in 2013. They essentially tell you what you should do to minimise (or eliminate) the risks associated with your information security management system (ISMS). One strengths of ce...
Blog

Building Strong ISMS Objectives with Examples

One thing which can cause some confusion, and which we get asked to clarify during ISO 27001 audits, is the objectives of an ISMS. So, we have decided to post this blog on tips and tricks for determining appropriate objectives which are relevant to your organisation.
Blog

Information security in the media industry: Broadcasting with ISO 27001 certificate

Information is the most important economic asset for media companies. Accordingly, information security and data protection are key issues in the media industry - especially against the backdrop of rapidly increasing cyber attacks and state-motivated disinformation campaigns. But how does a service provider for large public and many private broadcasters deal with this challenge? LOGIC media solut...
Blog

Optimising Capacity and Defending Against Malware: ISO 27001 Controls A.8.06 & A.8.07 Explained

This post investigates how you can meet controls A.8.06 and A.8.07 to ensure that you have sufficient capacity to deal with the workload within your business, in terms of both technical capacity and other resources. We will also go through how to protect your systems from malware.
Blog

Why ISO 42001 is the Essential Strategic Upgrade to Your ISO 27001 Certification

For years, achieving ISO/IEC 27001 certification has been the gold standard for demonstrating a commitment to information security in Hong Kong. Your organization has likely invested significant resources to build and maintain its Information Security Management System (ISMS), securing your critical data assets and earning customer trust. But in an era where 75% of Hong Kong banks are already dep...
Blog

From Secure Areas to Off-Site Assets: Strengthening Physical Security with Controls A.7.6 - A.7.9

This blog post will continue through the Physical Controls of ISO 27001:2022, covering controls A.7.6 through to A.7.9. These controls continue the protection of the physical premises where your data is stored and used, with a focus on the working areas and on controls for securing the work being done.
Blog

ISO 19011 - How to manage audits competently

ISO 19011 is an internationally recognized standard for auditing management systems, for example quality management systems according to ISO 9001 or information security management systems according to ISO 27001. It is applicable to all organizations and companies that perform internal and/or external audits of management systems or are responsible for managing an audit program.