A blog about GRC (Governance, Risk Management, and Compliance)

Do you need to explain what ISO 27001 is?

[fa icon="calendar'] Tuesday, 06 April 2021 / by Neupart under ISO 27001, Information Security Management, Information risk management, ISMS

[fa icon="comment"] 0 comments

We've produced this video to help you communicate the main components of an Information Security Management System (ISMS), as described in ISO 27001. You may need this information when talking to your company's management team, and getting onboard in securing your business.

Watch the video explaining what ISMS and ISO27001 are.

 

These four facts about ISO 27001 and an ISMS are vital in your work as someone who deals with information security, risks, or IT in general. Understanding the fundamentals and getting started the right way is the biggest step of them all.

 

The four facts about ISO27001 are:

  1. ISO27001 is an international standard about how to manage your information security
  2. You must know your risks!
  3. You need an Information Security Policy
  4. It is a process, not a project!

 

We are experts in information security (ISO 27001/-2) and GDPR, and our ISMS is an intuitive cloud-based platform where you can handle everything you need in regards to both ISO27001/-2 and GDPR.

 

Get deeper into information security, GDPR, and our ISMS either by browsing our knowledge base or visiting the main ISMS page here.

More [fa icon="long-arrow-right"]

Hacking online meetings

[fa icon="calendar'] Monday, 09 November 2015 / by Jakob Holm Hansen under Information risk management, Risk assessments, Risk management

[fa icon="comment"] 0 comments

By Gaffri Johnson, Neupart

Why risks related to information sharing via calendars and online meeting tools should be included in your annual it risk assessment.

More [fa icon="long-arrow-right"]

Risk assessment is a process - 3 reasons to do it again (and again)

[fa icon="calendar'] Friday, 10 July 2015 / by Jakob Holm Hansen under Information risk management, Risk assessments, Risk management

[fa icon="comment"] 0 comments

Information security risk assessments are an integral part of managing information security. Unfortunately, it is not uncommon for businesses to consider risk assessment as something they need to get over with in order to meet certain requirements. 

More [fa icon="long-arrow-right"]

Has ‘Plan-Do-Check-Act´disappeared in the new ISO 27001?

[fa icon="calendar'] Friday, 04 April 2014 / by Jakob Holm Hansen under ISO 27001:2013, ISO 27001, Information Security Management, Information risk management, overview information security management, Compliance and task management, plan-do-check-act, ISMS, ISO Standards

[fa icon="comment"] 0 comments

The Plan-Do-Check-Act (PDCA) process originates from quality assurance in production environments, but has for some years also been a requirement in the ISMS standard ISO 27001 (ISMS = Information Security Management System).

More [fa icon="long-arrow-right"]

The new ISO 27001 is out! How to develop a Statement of Applicability

[fa icon="calendar'] Friday, 11 October 2013 / by Jakob Holm Hansen under risk analysis, gap analysis, Information risk management, Statement of Applicability, SoA, risk treatment, controls, iso iec 27001:2013

[fa icon="comment"] 0 comments

The 2022 editions of the widely used standards for information security management, ISO 27001 and 27002 have been updated. The new versions contain a number of improvements that should be of interest to companies that lean towards ISO 27001 or comply with it.

More [fa icon="long-arrow-right"]

How to assess your business risks when going cloud

[fa icon="calendar'] Sunday, 11 August 2013 / by Jakob Holm Hansen under IT Outsourcing, Information risk management, Threat assessments, Risk assessments, Cloud computing security

[fa icon="comment"] 0 comments

Cloud computing promises many benefits. Cost reductions, improved efficiency and improved security is what many companies can gain from moving into the cloud.

More [fa icon="long-arrow-right"]

IT Risk Management increases your IT outsourcing success

[fa icon="calendar'] Monday, 03 June 2013 / by Jakob Holm Hansen under ISO 27001, IT Outsourcing, Information risk management, Threat assessments, Risk assessments, Outsourcing, SecureAware, ISO 27005

[fa icon="comment"] 0 comments

IT outsourcing can be a highly positive experience.

More [fa icon="long-arrow-right"]

Six questions about the ISO 27001 revision (with answers)

[fa icon="calendar'] Tuesday, 30 April 2013 / by Jakob Holm Hansen under ISO 27001, NIST SP 800-53, Information risk management, BrightTalk, Risk management

[fa icon="comment"] 0 comments

How does the ISO 27001 revision impact your risk management?

More [fa icon="long-arrow-right"]

GRC blog

The NorthGRC blog offers advice and knowledge of effective information security management, security strategies, risk management, compliance with information security standards and other requirements, business continuity planning, ISO2700x, EU Data Protection Regulation, PCI DSS, etc.

Popular Posts