Blog ISO 27001

ISO27002:2022 explained – Technological controls

In this article, we explain the new ISO 27002:2022 chapter 8 – Technological controls. This covers the controls required to set up and maintain secure technological systems, particularly focusing on secure systems, development and code management. This is the last article in a series of four, each article covering one chapter: organization controls (chapter 5)…

Sieuwert van Otterloo

ISO27002:2022 explained – Physical controls

In this article, we explain the new ISO 27002:2022 chapter 7 – Physical controls. This covers the controls necessary to protect information from physical threats. This is the third article in a series of four, each article covering one chapter: organization controls (chapter 5), people controls (chapter 6), physical controls (chapter 7, this article), technological…

Sieuwert van Otterloo

ISO 31000 in relation to ISO 27001

Risk management plays a very important role in an ISO 27001 Information Security Management System (ISMS). At the end of paragraph 6.1 “Actions to address risks and opportunities” there is, however, a reference to a fairly unknown standard, ISO 31000. What is the relationship between ISO 31000 and ISO 27001? In this blog we briefly…

Jelle Hoekstra

Checklist for an information security audit

Several participants of our information security training course have asked us for an audit plan checklist. In this article we share our checklist based on the official IRCA/CQI guidelines. The checklist is applicable to both internal and external audits. It was designed for ISO 27001 audits but can also be used for other ISO standards. 

Sieuwert van Otterloo

New 2018 version of Security Verified standard

The open standard ‘Security Verified’ was updated in August 2018. It is a minor update to improve readability and to make the standard fully aligned with GDPR. The recent update should make this standard even easier to use for organisations that want a good Information Security Policy based on the same principle as ISO…

Sieuwert van Otterloo