Introduction: As more companies shift to remote work or allow employees to use personal mobile devices for work-related tasks, it is essential to establish policies and security controls to mitigate the risks that these devices can pose. A mobile device policy is necessary to ensure that all portable systems, including […]
Information Security Management Systems
Introduction: Project management is an essential part of any organization’s operations, especially in the implementation of new systems, applications, and processes. However, it is also crucial to ensure that information risks and security requirements are identified and addressed at all stages of all projects, including new developments and changes to […]
Introduction: In today’s rapidly evolving digital landscape, maintaining information security is of utmost importance for businesses of all sizes. Cyberattacks and data breaches have become more common and sophisticated, making it essential for organizations to stay up-to-date with emerging threats and security technologies. One effective way to do this is […]
Introduction: Businesses face various types of risks, including natural disasters, cyber-attacks, and other emergencies. When such incidents occur, the first line of response is often contact with the regulatory or other authorities and bodies that might need to be reached in case of queries, incidents, and emergencies. Therefore, it is […]
Introduction: Information security is a critical aspect of any organization, and maintaining the security of sensitive data and systems is essential to ensure business continuity and protect against potential security breaches. One of the fundamental principles of information security is segregation of duties, which involves separating critical duties or tasks […]
Introduction: The concept of teleworking or telecommuting has been around for several decades. However, it was only in recent years that teleworking became a popular alternative to traditional office-based work. With the COVID-19 pandemic forcing many companies to adopt remote work policies, teleworking has become even more prevalent. Teleworking offers […]
Checklist for ISO/IEC 27001 A.6.1.1, Information security roles and responsibilities, for checking the overall information risk and security governance and management structure.
A.5.1.2 of the ISO 27001 standard requires organizations to evaluate the process for reviewing information security and related policies. This involves checking a sample of policies for details such as policy title, scope and applicability, status, names of authors and accountable owners, version numbers, dates of publication, who approved them, document history/date of last and next reviews, and associated compliance arrangements.
The "Checklist for A.5.1.1 Policies for Information Security" is a comprehensive guide for ISO Annex A.5.1.1 that helps organizations establish and maintain effective information security policies.
The Statement of Applicability (SoA) is an important component of the ISO 27001 information security management system (ISMS) standard.