Volg ICTI

Blog ISO 27002

Register of suppliers – free template

Suppliers come in all shapes and sizes: utilities, cloud platforms, office facilities, email providers, equipment maintenance, accountants, freelancers, PEN-testers and last but not least, information security consultants like ICT Institute. Your relationship with them should include information security considerations. The security requirements for suppliers depends on the service or product they provide. Your outsourced HR…

Sieuwert van Otterloo

ISO27002:2022 explained – People controls

In this article, we explain the new ISO 27002:2022 chapter 6 – People controls. This covers the controls required for secure human resources management. This is the second article in a series of four, each article covering one chapter: Organization controls (chapter 5) People controls (chapter 6) – This article Physical controls (chapter 7) Technological…

Suzanne Atkins

ISO27002:2022 explained – Organizational controls

The information security standard ISO 27001 consists of a main structure and an annex of recommended controls. The recommended controls are further explained in an additional standard ISO 27002. The main structure explains how a well-functioning ISMS (Information Security Management System) should be set up and maintained. The controls are specific actions that organisations should…

Joost Krapels

ISO27002:2022 – what’s new?

ISO 27001:2013, a certification standard for Information Security Management systems, uses an extensive list of example control measures that organisations have to comply with, or explain the control is not applicable (comply or explain). This list of 114 controls is elaborated on in ISO 27002, showing how to implement them in practice. After eight years,…

Joost Krapels

Checklist for an information security audit

Several participants of our information security training course have asked us for an audit plan checklist. In this article we share our checklist based on the official IRCA/CQI guidelines. The checklist is applicable to both internal and external audits. It was designed for ISO 27001 audits but can also be used for other ISO standards. 

Sieuwert van Otterloo