Blog policy

ISO27002:2022 explained – People controls

In this article, we explain the new ISO 27002:2022 chapter 6 – People controls. This covers the controls required for secure human resources management. This is the second article in a series of four, each article covering one chapter: Organization controls (chapter 5); People controls (chapter 6) – this article; Physical controls (chapter 7); Technological…

Suzanne Atkins

What documentation do you need for ISO 27001?

If you want an external auditor to certify your information security management system, you need to store documentation for all elements in your policy. To make audits go swiftly and smoothly, you should store all documented information in one easy-to-access place. In this post we provide an overview of what information needs to be stored and…

Sieuwert van Otterloo

Information security – Cryptographic controls policy example

Using cryptographic controls such as encryption can help with information security, but only if they are applied correctly. To make sure they are used in the right way, standards such as ISO 27002 recommend having a data encryption policy. In this article we share the ICT Institute data encryption policy, that is…

Sieuwert van Otterloo

Four password policy rules that lead to better cyber security

A good password policy is one of the simplest and most important security measures one can take. In this article we describe the four rules that any company should include in their security policy, especially if they want to comply with the ISO 27001 standard.

Sieuwert van Otterloo

Getting started with a responsible disclosure policy

A responsible disclosure policy allows people to test the security of your IT. It is a highly recommended security measure for larger organisations: it gives more insight, reduces incidents and helps find security talent.

Sieuwert van Otterloo