Blog ISO 27002

Register of suppliers – free template
Suppliers come in all shapes and sizes: utilities, cloud platforms, office facilities, email providers, equipment maintenance, accountants, freelancers, PEN-testers and last but not least, information security consultants like ICT Institute. Your relationship with them should include information security considerations. The security requirements for suppliers depend on the service or product they provide. Your outsourced HR…
Sieuwert van Otterloo
ISO27002:2022 explained – People controls
In this article, we explain the new ISO 27002:2022 chapter 6 – People controls. This covers the controls required for secure human resources management. This is the second article in a series of four, each article covering one chapter: Organization controls (chapter 5); People controls (chapter 6) – this article; Physical controls (chapter 7); Technological…
Suzanne Atkins
ISO27002:2022 explained – Organizational controls
The well-known information security standard ISO 27001 is always accompanied by its sister norm ISO 27002. Where the former details how a well-functioning ISMS (Information Security Management System) should be set up and maintained, the latter goes into detail on the example security controls of ISO 27001’s appendix. ISO 27002 is about to receive an update,…
Joost Krapels
ISO27002:2022 – what’s new?
ISO 27001:2013, a certification standard for Information Security Management systems, uses an extensive list of example control measures that organisations have to comply with, or explain the control is not applicable (comply or explain). This list of 114 controls is elaborated on in ISO 27002, showing how to implement them in practice. After eight years,…
Joost Krapels
Checklist for an information security audit
Several participants of our information security training course have asked us for an audit plan checklist. In this article we share our checklist based on the official IRCA/CQI guidelines. The checklist is applicable to both internal and external audits. It was designed for ISO 27001 audits but can also be used for other ISO standards.
Sieuwert van Otterloo