Blog information security
The ISO 27001 Harmonized Structure
In this article, we walk through the Harmonized Structure of the ISO 27001 (Chapters 4-10) and explain how to implement it using the Plan-Do-Check-Act (PDCA) cycle. This will be the basis for your Information Security Management System (ISMS) according to the standard. The “engine” of the ISMS: Chapters 4 to 10 ISO 27001 is structured…
Pavlo Burda
Supplier management in ISO 27001
Since suppliers often have access to information assets that are critical to business operations, the ISO 27001 standard dedicates a full set of organizational controls (5.19–5.23) to managing information security risks in supplier relationships. In this article, we explain these controls and provide a supplier register template.
Pavlo Burda
ISO 27001 technological controls for software development
The latest version of ISO 27001 contains multiple controls about secure development, engineering, coding and testing that seem to overlap. In this article we provide guidance on how to implement these controls. The overlapping controls explained are 8.25, 8.26, 8.27 and 8.28. We also cover 8.31 and 8.33 (test environments and test information).
Sieuwert van Otterloo
NOREA recommends CIS controls against ransomware
NOREA, the Dutch professional organisation of IT auditors, has conducted a study into a framework for ransomware measures, in response to the increasing ransomware attacks that have been reported in the news, both internationally and in the Netherlands. The use of ransomware has been around for quite some time; however, it is very evident that…
Sieuwert van Otterloo
The NIS-2 Directive: raising the security bar in Europe
In the final days of December 2022, a new Information Security Directive was published by the European Commission. The NIS-2 Directive, aimed at improving the resilience of Europe’s Network and Information Systems, succeeds and supersedes its older brother by both broadening the scope and taking into account the ever-changing information security landscape. In…
Joost Krapels
