8th May, 2017 | by Andrew Barham
You’ve been asked by your boss to be an internal auditor – and you’re thinking, why me? Why have I been chosen? What have I done wrong? Rather than looking at the request negatively, consider this… becoming an internal auditor could be one of the best things that has ever happened to you, at least as far as your career is concerned. Find out below about the career benefits of being an internal auditor.
20th April, 2017 | by Andrew Barham
One of our most popular blogs over the past few years was “12 Questions for Top Management about Quality”. However, with the release of the 2015 version of ISO 9001, the questions that need to be asked have changed; therefore, we have come up with a revised list to ask the person in charge.
31st March, 2017 | by Andrew Barham
Disruptive events to businesses are becoming increasingly frequent, and the ability of businesses to plan and implement strategies to deal with these events is important, not only for the viability of their business, but also for their employees, their supply chain and the role the organisation has within the community. In this article, we talk about the importance of business continuity and the requirements of the standard for it, ISO 22301.
9th March, 2017 | by Andrew Barham
When people write procedures, there often is little consistency in the words they use to form the tense, mood or voice of their sentences. Let me explain…
27th January, 2017 | by Tom Barham
Here at PwC’s Auditor Training & Certification we have recently released our latest auditor training course, and it’s all about ISO 27001 Information Security, the internationally recognised information security standard.
We asked Ryan Ettridge, PwC Partner in Digital Trust and Risk Assurance, to explain why ISO 27001 and Information Security is so important, particularly in today’s security-conscious business environment.
20th December, 2016 | by Jay Greensill
PwC’s Auditor Training & Certification business recently held an information session for clients and staff on the benefits of their ISO 27001:2013 training course, which teaches auditors the key processes and approaches a business needs to manage information security risks.
15th December, 2016 | by Tom Barham
ISO 27001 helps organisations to keep secure both their information assets and those of their customers.
Organisations of all types and sizes collect, process, store and transmit information in many forms. This information is valuable to an organisation’s business and operations.
14th December, 2016 | by Andrew Barham
We’ve just developed and run our first Performance Auditing course designed specifically for businesses and people who want to get more out of their audits and auditing. This course is for those of you who want to go beyond the ‘tick and flick’ approach and writing the same report each time. It is for those who want to drive real change within their organisation.
5th December, 2016 | by Andrew Barham
Emergency testing is a criterion for a number of the standards. Being prepared is crucial for both businesses and employees to ensure the best response is taken in the event of an emergency. This article goes beyond the standard fire drill when talking about emergency preparedness.
16th November, 2016 | by Andrew Barham
There is increasing focus and interest in information security. Just think of recent events here in Australia… the census crashing because of overseas hackers; the almost continual reporting of people’s private information being compromised; phone hacking by unscrupulous news reporters desperate for the latest big story; and of course, people posting information they shouldn’t on social media.
Whilst all these major stories are centred around the failure of some aspect of information technology, ISO 27001 (the International Standard for information security management systems) does include many requirements for non-IT security of information… and that is what we are going to talk about here.
What can you do to keep your information secure that does not involve the IT department? We’ve picked nine specific ISO 27001 Information Security controls which are listed specifically in Annex A and have been directly derived from, and align with, ISO 27002. We also briefly explain what each means.