20th December, 2016 | by Jay Greensill
PwC’s Auditor Training & Certification business recently held an information session for clients and staff on the benefits of their ISO 27001:2013 training course, which teaches auditors the key processes and approaches a business needs to manage information security risks.
15th December, 2016 | by Tom Barham
ISO 27001 helps organisations to keep secure both their information assets and those of their customers.
Organisations of all types and sizes collect, process, store and transmit information in many forms. This information is valuable to an organisation’s business and operations.
16th November, 2016 | by Andrew Barham
There is increasing focus and interest in information security. Just think of recent events here in Australia… the census crashing because of overseas hackers; the almost continual reporting of people’s private information being compromised; phone hacking by unscrupulous news reporters desperate for the latest big story; and of course, people posting information they shouldn’t on social media.
Whilst all these major stories are centred around the failure of some aspect of information technology, ISO 27001 (the International Standard for information security management systems) does include many requirements for non-IT security of information… and that is what we are going to talk about here.
What can you do to keep your information secure that does not involve the IT department? We’ve picked nine specific ISO 27001 information security controls, which are listed in Annex A and have been directly derived from, and align with, ISO 27002. We also briefly explain what each means.