Request a Demo

Tag: ISO

What if companies are not able to identify and use the information from customers that is most important for the business? “WHAT IF” Series

Important Information

The importance of information from customers can vary depending on the nature of the business and its goals. However, some key types of customer information are universally valuable: 1. Customer Feedback: •       Reviews and Ratings: Provides direct insights into customer satisfaction, product quality, and areas for improvement. •       Surveys and Questionnaires: Helps gather detailed opinions and suggestions […]

What if a company does not have reliable information? “WHAT IF” Series

Information

Ensuring reliable information is crucial for any company’s success. Here are some strategies companies can use: Data Quality Management: Implement processes to regularly clean and validate data to ensure accuracy and consistency. Reliable Sources: Use reputable and verified sources for information, whether it’s market research, customer data, or financial reports. Technology and Tools: Invest in […]

What if companies WANT but DON’T KNOW how to secure their information? “WHAT IF” Series

Information security

By adopting ISO 27001: 2022, companies can significantly strengthen their information security posture and reduce the risk of data breaches. Getting ISO 27001 certified involves several key steps. Here’s a general outline of the process: Gain Management Support: Secure commitment from top management to ensure the necessary resources and support for the certification process. Define […]

Risk Treatment Plan Compliance and Effectiveness

Cyber threat image

Verifying that the information security risk treatment plan has been implemented, documented, and that information is retained involves several key steps and verification methods. Follow this structured approach to ensure compliance and effectiveness: 1. Implementation of Risk Treatment Plan A. Plan Execution and Implementation Actions: ·        Ensure that the risk treatment plan (RTP) is implemented according […]

Audit Results – ISMS V2022 Series

Cyber threat image

Ensuring that audit results are reported to management and that documented information about the audit program and audit results is retained requires a systematic approach that includes clear communication channels, defined responsibilities, and robust documentation practices. Here’s a step-by-step guide: 1. Establish Clear Reporting Procedures Audit Reporting Protocol: Develop and document a standardized audit reporting protocol […]

Non-Conformities & Corrective Actions – ISMS V2022 Series

Cyber threat image

To ensure that non-conformities identified during audits are subject to corrective action, a robust and well-documented corrective action process must be in place. Here’s a comprehensive approach to achieve this: 1. Establish a Corrective Action Process Procedure Documentation: Develop and document a corrective action procedure that outlines the steps to be taken when non-conformities are identified. […]

Management Reviews – ISMS V2022 Series

Cyber threat image

Evidence that top management undertakes a review of the Information Security Management System (ISMS) at planned intervals can be demonstrated through various documented information and records. These documents should clearly show the involvement of top management in the review process, their evaluation of ISMS’s performance, and their decisions for improvement. Here are some key pieces […]

Outputs of the Management Review – ISMS V2022 Series

Cyber threat image

To know that the output from the ISMS management review identifies changes and improvements, you should look for specific elements within the documented results of the management review meetings. These elements should clearly indicate that top management has considered the current state of the ISMS, assessed its performance, and identified necessary changes and improvements. Here […]

The Management Review and Interested Parties – ISMS V2022 Series

Cyber threat image

To ensure that the results of the management review are documented, acted upon, and communicated to interested parties appropriately, follow these structured steps: 1. Documentation of Management Review Results Meeting Minutes and Reports Detailed Minutes: Record comprehensive minutes of management review meetings. Include participants, agenda, discussions, decisions made, and action items. Management Review Report: Prepare […]

Non-Conformity Management – ISMS V2022 Series

Cyber threat image

To ensure that actions to control, correct, and deal with the consequences of non-conformities have been identified and effectively addressed, follow a structured approach that includes identification, documentation, planning, and verification. Here’s a comprehensive guide: 1. Identification of non-conformities Detection Mechanisms Audits: Conduct regular internal and external audits to identify non-conformities. Monitoring: Use continuous monitoring […]