Blog policy
A new radical AI Policy for research and education
Radical changes require radical solutions. This is a new policy for the use of AI in research that will solve all current problems caused by the opposition against the use of AI in education and research. It is applicable as of today at Dutch universities.
Sieuwert van Otterloo
ISO27002:2022 explained – People controls
In this article, we explain the new ISO 27002:2022 chapter 6 – People controls. This covers the controls required for secure human resources management. This is the second article in a series of four, each article covering one chapter: Organization controls (chapter 5) People controls (chapter 6) – This article Physical controls (chapter 7) Technological…
Sieuwert van Otterloo
What documentation do you need for ISO 27001?
If you want an external auditor to certify your information security management system, you need to store documentation of for all elements in your policy. To make audits to go swiftly and smoothly, you should store all documented information in one easy-to-access place. In this post we provide an overview of what information needs to be stored and…
Sieuwert van Otterloo
Information security – Cryptographic controls policy example
Using cryptographic controls such as encryption can help with information security, but only if it is applied correctly. To make sure it is used in the right way, it is recommended by standards such as ISO 27002 have a data encryption policy. In this article we share the ICT Institute data encryption policy, that is…
Sieuwert van Otterloo
Four password policy rules that lead to better cyber security
A good password policy is one of the simplest and most important security measures one can take. In this article we describe the four rules that any company should include in their security policy, especially if they want to comply to the ISO 27001 standard.
Sieuwert van Otterloo