9th March, 2017 | by Andrew Barham
When people write procedures, there often is little consistency in the words they use to form the tense, mood or voice of their sentences. Let me explain…
27th January, 2017 | by Tom Barham
Here at PwC’s Auditor Training & Certification we have recently released our latest auditor training course, and it’s all about ISO 27001 Information Security, the Internationally recognised information security standard.
We asked Ryan Ettridge, PwC Partner in Digital Trust and Risk Assurance, to explain why ISO 27001 and Information Security is so important, particularly in today’s security conscious business environment.
20th December, 2016 | by Jay Greensill
PwC’s Auditor Training & Certification business recently held an information session for clients and staff on the benefits of their ISO 27001:2013 training course, which teaches auditors the key processes and approaches a business needs to manage information security risks.
15th December, 2016 | by Tom Barham
ISO 27001 helps organisations to keep secure both their information assets and those of their customers.
Organisations of all types and sizes collect, process, store and transmit information in many forms. This information is valuable to an organisation’s business and operations.
14th December, 2016 | by Andrew Barham
We’ve just developed and run our first Performance Auditing course designed specifically for businesses and people who want to get more out of their audits and auditing. This course is for those of you who want to go beyond the ‘tick and flick’ approach and writing the same report each time. It is for those who want to drive real change within their organisation.
5th December, 2016 | by Andrew Barham
Emergency testing is a criteria for a number of the standards. Being prepared is crucial for both businesses and employees to ensure the best response is taken in the event of an emergency. This article goes beyond the standard fire drill when talking about emergency preparedness.
16th November, 2016 | by Andrew Barham
There is increasing focus and interest in information security. Just think of recent events here in Australia… the census crashing because of overseas hackers; the almost continual reporting of people’s private information being compromised; phone hacking by unscrupulous news reporters desperate for the latest big story; and of course, people posting information they shouldn’t on social media.
Whilst all these major stories are centred around the failure of some aspect of information technology, ISO 27001 (the International Standard for information security management systems) does include many requirements for non-IT security of information… and that is what we are going to talk about here.
What can you do to keep your information secure that does not involve the IT department? We’ve picked nine specific ISO 27001- Information Security controls which are listed specifically in Annex A and have been directly derived from, and align with, ISO 27002. We also briefly explain what each means.
7th November, 2016 | by Andrew Barham
Recently I had a lovely email from a past student saying that she missed our blogs. We have been a little slack and I must admit that we haven’t published one for about three months! Sorry.
Well I rang her and asked if she had any topics in particular that she would like us to write about. A little later I received an email offering two topics which had come about from findings by her employer’s external certification auditor. These were:
- Being proactive in preventative action
- Emergency Preparedness & Response (going beyond a fire drill).
I’m going to address the first topic in this post and I’ll talk about the other in ‘Emergency testing- It’s more than just a fire drill’
25th October, 2016 | by Andrew Barham
It’s almost a year since ISO 14001 was updated to the 2015 version, so most systems should now be well on the way to addressing the changed requirements.
Just to make sure that you haven’t missed any of the key points, we have put together 6 of the big ticket items we believe auditors will be focusing on – all from the first half of 14001!
27th July, 2016 | by The Auditor