Organic Compliance! Deep Dive into a Clause, No Matter which…

One of the effective techniques to handle ISO 27001 or any other security management standard or framework is to go deep into a matter regardless of where you want to start or even where to are forced to start.  In practice, the main challenging question and the answer for that to many organizations, when they… Continue reading Organic Compliance! Deep Dive into a Clause, No Matter which…

ISMS is Not equal to Real Security!

Is having an information security management system equal to actual security?  Nop! Having an information security management system is not an indication of quality of security controls. Management systems are easier way of administration in a standard and systematic way, but they do not necessarily an indication of security control effectiveness.  As an example, ISO… Continue reading ISMS is Not equal to Real Security!

How to effectively audit any ISO 27001 process?

First of all, auditor needs to be a SME, not only to the security management system, but also specifically in regards to ISO 27001. The reason is related to the fact that “terminology” or “particular definition” of terms is important.  Then there are three simple aspects of any process or policy document which should have been adequately addressed by… Continue reading How to effectively audit any ISO 27001 process?

ISO 27001 Audit Tips and Tricks

the easy way to maintain an effective, low cost and smart ISO 27001 security management system Even though there is no magic behind auditing a system based on ISO 27001, there are simple tricks which help you handle ISO 27001 or many other similar standards and frameworks, both as and auditor and auditee. I would… Continue reading ISO 27001 Audit Tips and Tricks