Blog ISO 27001

What documentation do you need for ISO 27001?

If you want an external auditor to certify your information security management system, you need to store documentation for all elements in your policy. To make audits go swiftly and smoothly, you should store all documented information in one easy-to-access place. In this post we provide an overview of what information needs to be stored and…

Sieuwert van Otterloo

ISO 27001 Lead Auditor training November 20-23

It is important and often mandatory for organisations with a security policy to provide the right training to all key roles involved in information security and privacy. One key role in security policies is the internal auditor, and we recommend the ISO 27001 lead auditor course for anyone involved in the internal audit programme. This is…

Floris van den Broek

All candidates pass the ISO 27001 lead auditor exam

Congratulations to the candidates of our recent ISO 27001 lead auditor course. All candidates (Jan-Jasper, Joost, Floris, Sieuwert) who participated in this five-day course have passed the exam. They can now call themselves IRCA certified information security auditors and are well equipped for key roles in information security teams.

Sieuwert van Otterloo

Information security and PDCA (Plan-Do-Check-Act)

Standards such as ISO 27001 require you to use a method for continuous improvement in your information security policy. PDCA or Plan-Do-Check-Act is the preferred method for most information security teams, and we recommend that you use this method, which is described in this article.

Sieuwert van Otterloo

Information security – Cryptographic controls policy example

Using cryptographic controls such as encryption can help with information security, but only if it is applied correctly. To make sure it is used in the right way, it is recommended by standards such as ISO 27002 to have a data encryption policy. In this article we share the ICT Institute data encryption policy, that is…

Sieuwert van Otterloo