• ISO 27001 – Information Security is not all Information Technology. So what else is it?

    16th November, 2016 | by Andrew Barham

    There is increasing focus and interest in information security. Just think of recent events here in Australia… the census crashing because of overseas hackers; the almost continual reporting of people’s private information being compromised; phone hacking by unscrupulous news reporters desperate for the latest big story; and of course, people posting information they shouldn’t on social media.

    Whilst all these major stories are centred around the failure of some aspect of information technology, ISO 27001 (the International Standard for information security management systems) does include many requirements for non-IT security of information… and that is what we are going to talk about here.

    What can you do to keep your information secure that does not involve the IT department? We’ve picked nine specific ISO 27001 – Information Security controls which are listed specifically in Annex A and have been directly derived from, and align with, ISO 27002. We also briefly explain what each means.

  • Corrective or Preventive Action – Risk based thinking?

    7th November, 2016 | by Andrew Barham

    Recently I had a lovely email from a past student saying that she missed our blogs. We have been a little slack and I must admit that we haven’t published one for about three months! Sorry.

    Well I rang her and asked if she had any topics in particular that she would like us to write about. A little later I received an email offering two topics which had come about from findings by her employer’s external certification auditor. These were:

    1. Being proactive in preventative action
    2. Emergency Preparedness & Response (going beyond a fire drill).

    I’m going to address the first topic in this post and I’ll talk about the other in ‘Emergency testing- It’s more than just a fire drill’.

“Although I find the topic interesting, I think it is generally classed as being quite dry. Pat’s delivery of the program was excellent and engaging, with his experience being profoundly beneficial to my own professional development.”

“Many thanks Tom, I really enjoyed the course and will get a lot of use from it at my workplace.”

“Overall very valuable course. Balance of theory with practical workshops was excellent. Trainers stuck to timetable very well.”

“The course was thorough and many relevant examples provided by both Tom and Jackie to help me apply it to the workplace.”

“Great presentation of the course, engaging facilitators and good use of group work. I found the course to be a great refresher for an audit course I did 10 years ago and now feel more motivated to go audits in a non-bow tie way!”
