ISO 27001 Annex A 5.6 Contact with Special Interest Groups is a security control that requires organizations to establish and […]
ISO 27001:2022 Annex A 5.6 Contact with special interest groups for AI Companies Read More »
If you are building Artificial Intelligence, your threat landscape looks vastly different from a traditional SaaS platform. You aren’t just
ISO 27001:2022 Annex A 5.7 Threat intelligence for AI Companies Read More »
In the AI industry, “project management” often looks like a chaotic mix of Jupyter notebooks, massive GPU clusters, and a
ISO 27001:2022 Annex A 5.8 Information security in project management for AI Companies Read More »
If you ask a traditional IT manager to list their assets, they will point to a spreadsheet listing laptops, servers,
ISO 27001 Annex A 5.10 Acceptable use of information and other associated assets is a security control that requires organizations
ISO 27001 Annex A 5.11 Return of Assets is a security control that mandates employees and contractors to return all
ISO 27001:2022 Annex A 5.11 Return of assets for AI Companies AI Companies Read More »
ISO 27001 Annex A 5.12 Classification of information is a security control that requires organizations to categorize information based on
ISO 27001:2022 Annex A 5.12 Classification of information for AI Companies Read More »
ISO 27001 Annex A 5.13 Labelling of information is a security control that mandates organizations to develop and implement appropriate
ISO 27001:2022 Annex A 5.13 Labelling of information for AI Companies Read More »
ISO 27001 Annex A 5.15 Access Control is a security control that mandates organizations to establish rules for restricting logical
ISO 27001:2022 Annex A 5.15 Access control for AI Companies Read More »
ISO 27001 Annex A 5.14 Information transfer is a security control that mandates organizations to establish rules, procedures, and agreements
ISO 27001:2022 Annex A 5.14 Information transfer for AI Companies Read More »
ISO 27001 Annex A 5.16 Identity management is a security control that requires organizations to manage the full lifecycle of
ISO 27001:2022 Annex A 5.16 Identity management for AI Companies Read More »
ISO 27001 Annex A 5.17 Authentication information is a security control that governs the allocation, management, and secure handling of
ISO 27001:2022 Annex A 5.17 Authentication information for AI Companies Read More »
ISO 27001 Annex A 5.18 Access rights is a security control that requires organizations to manage the full lifecycle of
ISO 27001:2022 Annex A 5.18 Access rights for AI Companies Read More »
ISO 27001 Annex A 5.20 Addressing information security within supplier agreements is a security control that mandates organizations to define
ISO 27001 Annex A 5.19 Information security in supplier relationships is a security control that requires organizations to establish, agree
ISO 27001 Annex A 5.21 Managing information security in the ICT supply chain is a security control that requires organizations
ISO 27001 Annex A 5.22 Monitoring, review and change management of supplier services is a security control that requires organizations
ISO 27001 Annex A 5.24 is a security control that mandates organizations to plan and prepare for managing incidents by
ISO 27001 Annex A 5.23 Information security for use of cloud services is a security control that requires organizations to
ISO 27001 Annex A 5.25 is a security control that requires organizations to formally evaluate information security events to determine
ISO 27001 Annex A 5.26 is a security control that requires organizations to establish and maintain documented procedures for responding
ISO 27001:2022 Annex A 5.26 Response to information security incidents for AI Companies Read More »
ISO 27001 Annex A 5.27 is a security control that requires organizations to analyze and learn from security incidents to
ISO 27001 Annex A 5.29 is a security control that ensures organizations maintain information security continuity during disruptive events. The
ISO 27001:2022 Annex A 5.29 Information security during disruption for AI Companies Read More »
ISO 27001 Annex A 5.28 is a security control that establishes formal procedures for the identification and preservation of digital
ISO 27001:2022 Annex A 5.28 Collection of evidence for AI Companies Read More »
ISO 27001 Annex A 5.30 ICT readiness for business continuity is a security control that ensures critical technology infrastructure maintains
ISO 27001:2022 Annex A 5.30 ICT readiness for business continuity for AI Companies Read More »
ISO 27001 Annex A 5.31 is a security control that requires organizations to identify and document all legal, statutory, regulatory,
ISO 27001 Annex A 5.32 is a security control that requires organizations to implement documented procedures for protecting intellectual property
ISO 27001:2022 Annex A 5.32 Intellectual property rights for AI Companies Read More »
ISO 27001 Annex A 5.34 is a security control that mandates the identification and implementation of requirements for personal data
ISO 27001:2022 Annex A 5.34 Privacy and protection of PII for AI Companies Read More »
ISO 27001 Annex A 5.33 is a security control that ensures organizational records are protected from loss, destruction, and unauthorized
ISO 27001:2022 Annex A 5.33 Protection of records for AI Companies Read More »
ISO 27001 Annex A 5.35 is a security control that requires an organization’s information security approach to be reviewed by
ISO 27001 Annex A 5.35 Independent review of information security for AI Companies Read More »
ISO 27001 Annex A 5.36 is a security control that mandates the regular review of organizational operations against established information
ISO 27001 Annex A 5.37 Documented operating procedures is a security control that mandates organizations establish and maintain formal written
ISO 27001:2022 Annex A 5.37 Documented Operating Procedures for AI Companies Read More »
A Beginner’s Guide to ISO 27001 Clause 9.2 Internal Audit
ISO 27001 Clause 9.2 Internal Audit: The Lead Auditor’s Implementation and Audit Guide Read More »
ISO 27001 Annex A 8.34 is a security control that ensures audit testing activities do not disrupt operational business processes
In this guide, I will show you exactly how to do an ISO 27001 Internal Audit. You will get a
ISO 27001 Internal Audit: The Lead Auditor’s Step-by-Step Guide (+ 2026 Templates) Read More »
The ISO 27001 Clause 4.2 audit checklist is designed to help an ISO 27001 Lead Auditor conduct internal audits and
The ISO 27001 Clause 4.4 audit checklist is designed to help an ISO 27001 Lead Auditor conduct internal audits and
In this tutorial, ISO 27001 Lead Auditor Stuart Barker explains how to audit and ISO 27001 Toolkit. This is article
How to audit an ISO 27001 Toolkit Read More »
Auditing ISO 27001 Annex A 5.1 is a rigorous governance assessment that evaluates the maturity and operational effectiveness of an
How to Audit ISO 27001 Annex A 5.1 Policies for Information Security Read More »
Auditing ISO 27001 Annex A 5.1 Policies for Information Security is the definitive assessment of governance structures and management intent.
ISO 27001 Annex A 5.1 Audit Checklist Read More »
Auditing ISO 27001 Clause 5.3 Organizational Roles is the structural verification that information security responsibilities are clearly defined and assigned.
ISO 27001 Clause 5.3 Audit Checklist Read More »
Auditing ISO 27001 Clause 5.3 is a vital governance review that verifies the alignment of organizational power with security accountability.
Auditing ISO 27001 Annex A 8.32 Change Management is the rigorous verification of organizational and technical modifications to ensure security
ISO 27001 Clause 6.3 Audit Checklist Read More »
Auditing ISO 27001 Clause 6.3 is a formal governance verification process that evaluates how organisational changes impact the management system.
How to Audit ISO 27001 Clause 6.3 Planning of Changes: An ISO 27001 Lead Auditor’s Guide Read More »
Auditing ISO 27001 Clause 7.2 is the process of verifying that an organisation has determined and documented the necessary competence
How to Audit ISO 27001 Clause 7.2 Competence: An ISO 27001 Lead Auditor’s Guide Read More »
Auditing ISO 27001 Clause 7.2 Competence is the rigorous verification that personnel influencing information security performance are adequately skilled. This
ISO 27001 Clause 7.2 Audit Checklist Read More »
Auditing ISO 27001 Clause 7.1 requires verifying that the organization has determined and provided the necessary resources for the establishment,
How to Audit ISO 27001 Clause 7.1 Resource Management: An ISO 27001 Lead Auditor’s Guide Read More »
Auditing ISO 27001 Clause 7.1 verifies that the organisation has determined and provided the resources needed for the establishment, implementation,
ISO 27001 Clause 7.1 Audit Checklist Read More »
Auditing ISO 27001 Annex A.8.34 validates that information systems are protected during audit testing to prevent operational disruption or data
ISO 27001 Annex A 8.34 Audit Checklist Read More »
Auditing ISO 27001 Annex A 8.34 is the verification process to ensure that information systems are protected during audit testing
Auditing ISO 27001 Annex A 8.33 is the process of verifying that test data is carefully selected, protected, and controlled.
How to Audit ISO 27001 Annex A 8.33 Test Information: An ISO 27001 Lead Auditor’s Guide Read More »
Auditing ISO 27001 Annex A.8.33 verifies that information used for testing is protected to the same level as production data.
ISO 27001 Annex A 8.33 Audit Checklist Read More »
Auditing ISO 27001 Annex A.8.32 ensures that changes to information processing facilities and systems are controlled to minimize disruption and
ISO 27001 Annex A 8.32 Audit Checklist Read More »
Auditing ISO 27001 Annex A 8.32 is the verification process that ensures changes to information processing facilities and information systems
How to Audit ISO 27001 Annex A 8.32 Change Management: An ISO 27001 Lead Auditor’s Guide Read More »
Auditing ISO 27001 Clause 6.2 verifies that an organisation has established measurable information security objectives that align with its strategic
ISO 27001 Clause 6.2 Audit Checklist Read More »
Auditing ISO 27001 Clause 7.3 ensures that all employees actively understand their role in the Information Security Management System. This
ISO 27001 Clause 7.3 Audit Checklist Read More »
Auditing ISO 27001 Clause 6.2 is the process of verifying that an organisation has established information security objectives that are
Auditing ISO 27001 Clause 7.3 is the systematic verification that all personnel possess adequate awareness of the Information Security Policy.
How to Audit ISO 27001 Clause 7.3 Awareness: An ISO 27001 Lead Auditor’s Guide Read More »
Auditing ISO 27001 Annex A.5.4 is the strategic verification that leadership responsibilities are actively integrated into the Information Security Management
Auditing ISO 27001 Annex A.5.5 is the verification that an organisation maintains active and tested communication channels with relevant legal,
Auditing ISO 27001 Annex A.5.7 is the strategic verification that an organisation proactively gathers and analyses threat data to anticipate
Auditing ISO 27001 Annex A.5.6 validates the organization’s active engagement with external security communities to anticipate emerging threats. This audit
Auditing ISO 27001 Annex A.5.8 is the systematic verification that information security risks and requirements are embedded into project management
ISO 27001 Annex A 5.9 is a security control that mandates the identification and maintenance of a comprehensive record of
Auditing ISO 27001 Annex A.5.10 verifies that an organisation has established and enforced rules for the acceptable use of information
ISO 27001 Annex A 5.10 Audit Checklist Read More »
Auditing ISO 27001 Annex A 5.11 validates the secure offboarding process to ensure all physical and digital assets are recovered
ISO 27001 Annex A 5.11 Audit Checklist Read More »
ISO 27001 Annex A 5.10 is a security control that establishes rules for the legitimate handling and use of organizational
ISO 27001 Annex A 5.11 is a security control that mandates the return of all organisational assets by personnel and
How to Audit ISO 27001 Annex A 5.11 Return of Assets: An ISO 27001 Lead Auditor’s Guide Read More »
Auditing ISO 27001 Annex A.5.12 is the validation of the classification scheme applied to information assets to ensure appropriate protection
ISO 27001 Annex A 5.12 Audit Checklist Read More »
ISO 27001 Annex A 5.12 is a security control that requires organizations to categorize information based on its sensitivity, value,
The ISO 27001 Clause 4.3 implementation checklist is designed to help an ISO 27001 Lead Implementer to implement ISO 27001
The ISO 27001 Clause 4.4 implementation checklist is designed to help an ISO 27001 Lead Implementer to implement ISO 27001
How to implement ISO 27001 Clause 4.4 The Information Security Management System (ISMS) Read More »
Implementing ISO 27001 Annex A 5.1 is the strategic process of establishing a comprehensive Information Security Policy framework. This control
ISO 27001 Annex A 5.1 Policies Implementation Checklist Read More »
In my 30 years as an ISO 27001 Lead Auditor, I have witnessed countless organisations struggle with a foundational control:
How to Implement ISO 27001 Annex A 5.1 Information Security Policies Read More »
If there is one clause that separates a paper-based ISMS from a living, breathing one, it is ISO 27001 Clause
How to Implement ISO 27001 Clause 5.3 Roles, Responsibilities, and Authorities Read More »
Your 10-Point Implementation Checklist for ISO 27001 Clause 5.3: Roles & Responsibilities In my experience guiding hundreds of organisations through
ISO 27001 Clause 5.3 Roles, Responsibilities, and Authorities Implementation Checklist Read More »
The 2022 update to the ISO 27001 standard introduced a specific new requirement: Clause 6.3, Planning of changes. If this
ISO 27001 Clause 6.3 Planning of Changes Implementation Checklist Read More »
The 2022 update to the ISO 27001 standard introduced a pivotal new requirement: Clause 6.3, Planning of Changes. While new
How to implement ISO 27001:2022 Clause 6.3 Planning of Changes Read More »
Successfully implementing an Information Security Management System (ISMS) hinges on the capabilities of your people. ISO 27001 Clause 7.2, “Competence,”
ISO 27001 Clause 7.2 Competence Implementation Checklist Read More »
An ISO 27001 project typically fails for one of two reasons: a lack of management commitment or a lack of
How to implement ISO 27001 Clause 7.1 Resources Read More »
You cannot achieve ISO 27001 certification if your team lacks the necessary expertise. It is that simple. ISO 27001 Clause
How to Implement ISO 27001 Clause 7.2 Competence Read More »
Embarking on the ISO 27001 certification journey is a significant strategic decision. At its core lies ISO 27001 Clause 7.1:
ISO 27001 Clause 7.1 Resources Implementation Checklist Read More »
Implementing ISO 27001 Annex A 8.34 is the strategic enforcement of audit governance to prevent testing activities from disrupting business
How to Implement ISO 27001 Annex A 8.34 Protecting Systems During Audit Testing Read More »
ISO 27001 Test information Implementation Checklist Use this implementation checklist to achieve compliance with ISO 27001 Annex A 8.33. This
How to Implement ISO 27001 Annex A 8.33 Protecting Test Information Read More »
Implementing ISO 27001 Annex A 8.32 is the process of establishing a formal change management lifecycle to ensure that all
How to Implement ISO 27001 Annex A 8.32 Change Management Read More »
Implementing ISO 27001 Annex A 8.31 requires the rigid separation of development, testing, and production environments to maintain system integrity.
Implementing ISO 27001 Annex A 8.29 is the strategic integration of security validation within the software development lifecycle to ensure
How to Implement ISO 27001 Annex A 8.29 Security Testing in Development and Acceptance Read More »
Implementing ISO 27001 Annex A 8.30 involves establishing strict governance over outsourced software development to mitigate supply chain risks. This
How to Implement ISO 27001 Annex A 8.30 Securing Outsourced Development Read More »
Implementing ISO 27001 Annex A 8.28 is the systematic application of secure coding principles to reduce software vulnerabilities and defend
How to Implement ISO 27001 Annex A 8.28 Secure Coding Read More »
Implementing ISO 27001 Annex A 8.27 requires the establishment of secure engineering principles to ensure systems are designed with defence-in-depth
Implementing ISO 27001 Annex A 8.26 is the strategic process of defining and formally approving information security requirements before the
How to Implement ISO 27001 Annex A 8.26 Application Security Requirements Read More »
Implementing ISO 27001 Annex A 8.25 involves establishing a Secure Development Lifecycle (SDLC) that enforces security checkpoints at every stage
How to Implement ISO 27001 Annex A 8.25 Secure Development Life Cycle Read More »
Implementing ISO 27001 Annex A 8.24 requires the establishment of rigorous rules for the use of cryptography to ensure the
How to Implement ISO 27001 Annex A 8.24 Use of Cryptography Read More »
Implementing ISO 27001 Annex A 8.20 is the process of establishing deep technical controls to secure, manage, and monitor network
How to Implement ISO 27001 Annex A 8.20 Networks Security Read More »
Implementing ISO 27001 Annex A 8.19 involves establishing strict governance over the installation of software on operational systems to maintain
How to Implement ISO 27001 Annex A 8.19 Installation of Software on Operational Systems Read More »
Implementing ISO 27001 Annex A 8.17 is a foundational security process that ensures clock synchronisation across all IT assets. By
How to Implement ISO 27001 Annex A 8.17 Clock Synchronisation Read More »
Implementing ISO 27001 Annex A 8.18 requires stringent controls over powerful utility programs that can override system security. This control
How to Implement ISO 27001 Annex A 8.18 Use of Privileged Utility Programs Read More »
Implementing ISO 27001 Annex A 8.16 is a vital security process involving the active monitoring of networks, systems, and applications
How to Implement ISO 27001 Annex A 8.16 Monitoring Activities Read More »
Implementing ISO 27001 Annex A 8.14 requires establishing robust Redundancy of Information Processing Facilities to prevent service interruptions. By designing
How to Implement ISO 27001 Annex A 8.14 Redundancy of Information Processing Facilities Read More »
Implementing ISO 27001 Annex A 8.15 is a technical imperative for event logging and anomaly detection. It requires organizations to
How to Implement ISO 27001 Annex A 8.15 Logging Read More »
