
    simplifyiso

    Explore "simplifyiso" with insightful episodes like "Information Security in Supplier Contracts: ISO 27036 Part 2, Clause 7.5 - Supplier Termination Process", "Information Security in Supplier Contracts: ISO 27036 Part 2, Clause 7.4 - Supplier Relationship Management Process", "Information Security in Supplier Contracts: ISO 27036 Part 2, Clause 7.3 - Supplier Relationship Agreement", "Cybersecurity in Supplier Relationships: ISO 27036 Part 2, Clause 7.2 - Supplier Selection Process" and "Cybersecurity in Supplier Relationships: ISO 27036 Part 2, Clause 7.1 Supplier Relationship Planning Process" from "The ISO Review Podcast" and more!

    Episodes (30)

    Information Security in Supplier Contracts: ISO 27036 Part 2, Clause 7.5 - Supplier Termination Process

    Howard and Jim chat about ISO 27036-2, Clause 7.5 - Supplier Termination Process.

    Points discussed include:

    1.  How important is it for organizations of all sizes to prioritize information security?
    2.  What are some challenges organizations face when it comes to supplier relationship termination?
    3.  How can ISO standards help organizations in managing their supplier relationships and information security?
    4.  What are some potential risks or consequences of not properly terminating a supplier relationship?
    5.  How can organizations ensure a smooth and secure transition when terminating a supplier relationship?
    6.  What role does communication play in the supplier termination process, particularly in terms of information security?
    7.  What are some best practices for creating a termination plan within a supplier agreement?
    8.  How can organizations protect their information and intellectual property during and after a supplier relationship termination?
    9.  What steps should organizations take to ensure legal and regulatory compliance during the supplier termination process?
    10.  How can organizations evaluate the effectiveness of their supplier termination process in terms of information security?

    Complimentary ISO Resources

    Click here to try Conformance1's free online ISO 27001 Gap Checklist.

    Next Steps

    If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share this episode with anyone who might benefit from learning about this topic.

    Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards' requirements, client requirements, and any other requirements that you have to meet.

    Click here to visit the International Management System Institute website so that you can learn about how and why you should consider becoming a Certified ISO Management System Professional.

    Learn more about Jim on LinkedIn & YouTube

    LinkedIn
    LinkedIn Articles:
    YouTube

    Learn more about Howard

    Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

    Connect with Howard on LinkedIn.

    Keywords

    #ISO #ISO27001 #ISO27001Certification #InformationSecurityManagementSystems  #SupplierRelationshipTerminationProcess

    Information Security in Supplier Contracts: ISO 27036 Part 2, Clause 7.4 - Supplier Relationship Management Process

    Howard and Jim chat about ISO 27036-2, Clause 7.4 - Supplier Relationship Management Process.

    Points discussed include:

    1.  The importance for organizations to have a process for managing supplier relationships in terms of information security.
    2.  The potential risks or vulnerabilities that organizations may face when it comes to information security in the supply chain.
    3.  What organizations can do to ensure that their suppliers are meeting the information security requirements stated in the contract.
    4.  The role communication plays in ensuring successful supplier relationship management in terms of information security.
    5.  The ways organizations can effectively monitor and enforce compliance with information security requirements in the supplier relationship.
    6.  Key considerations for organizations when transitioning from one supplier to another in terms of information security.
    7.  What organizations can do to mitigate the risks associated with information security during the transition to a new supplier.
    8.  The steps organizations can take to train their employees on information security requirements in the supplier relationship.
    9.  The potential challenges or obstacles that organizations may face when managing supplier relationships in terms of information security.
    10.  What steps organizations can take to prepare for and respond to situations where information security issues arise in the supplier relationship.

    Complimentary ISO Resources

    Click here to try Conformance 1's free online ISO 27001 Gap Checklist.

    Upcoming Episodes

    Howard and Jim chat about: 

    • ISO 27036-2 Supplier Relationship Requirements - Clause 7.5 - Supplier Relationship Termination Process


    Keywords

    #ISO #ISO27001 #ISO27001Certification #InformationSecurityManagementSystems  #SupplierRelationshipAgreement

    Information Security in Supplier Contracts: ISO 27036 Part 2, Clause 7.3 - Supplier Relationship Agreement

    Howard and Jim chat about ISO 27036-2, Clause 7.3 - Supplier Relationship Agreement Process.

    Points discussed include:

    1.  How important is it for businesses to have supplier contracts that address information security?
    2.  The key elements that should be included in an agreement to ensure information security.
    3.  How can businesses effectively measure their suppliers' compliance with information security requirements?
    4.  What role does change management play in supplier agreements and information security?
    5.  How can businesses ensure a smooth transition with their suppliers when it comes to information security?
    6.  The potential risks and challenges businesses face when it comes to maintaining information security in the supply chain.
    7.  How businesses can effectively monitor and enforce their suppliers' compliance with information security standards.
    8.  The criteria businesses should use when selecting suppliers for information security purposes.
    9.  The measures businesses can take to protect sensitive information during and after the termination of a supplier agreement.
    10.  Industry-specific considerations or regulations that businesses should be aware of when it comes to information security in the supply chain.

    Complimentary ISO Resources

    Click here to try Conformance 1's free online ISO 27001 Gap Checklist.

    Upcoming Episodes

    Howard and Jim chat about: 

    • ISO 27036-2 Supplier Relationship Requirements - Clause 7.4 - Supplier Relationship Management Process
    • ISO 27036-2 Supplier Relationship Requirements - Clause 7.5 - Supplier Relationship Termination Process


    Keywords

    #ISO #ISO27001 #ISO27001Certification #InformationSecurityManagementSystems  #SupplierRelationshipAgreement

    Cybersecurity in Supplier Relationships: ISO 27036 Part 2, Clause 7.2 - Supplier Selection Process

    Howard and Jim chat about ISO 27036-2, Clause 7.2 - Supplier Selection Process.

    Points discussed include:

    1.  How can organizations effectively plan their supplier relationships to mitigate information security risks?
    2.  What are some real-life examples of information security breaches and their impact on organizations? 
    3.  Why is it important for organizations to communicate the importance of information security to all employees, and how can top management lead by example?
    4.  What are some key elements that should be included in a supplier relationship plan to ensure information security?
    5.  How can organizations assess and manage risks in their relationships with suppliers?
    6.  Why is it impossible to eliminate all information security risks, and how can organizations determine acceptable levels of risk?
    7.  What role does legal and regulatory compliance play in supplier relationship planning for information security?
    8.  How can organizations ensure that their suppliers are complying with information security requirements and addressing potential risks? 
    9.  What are some considerations for evaluating new suppliers in terms of their information security impact?
    10.  Why is it important to continually maintain and update information security measures in an organization?

    Complimentary ISO Resources

    Click here to try the online ISO 27001 Gap Checklist.

    Upcoming Episodes

    Howard and Jim chat about: 

    • ISO 27036-2 Supplier Relationship Requirements - Clause 7.3 - Supplier Relationship Agreement
    • ISO 27036-2 Supplier Relationship Requirements - Clause 7.4 - Supplier Relationship Management Process
    • ISO 27036-2 Supplier Relationship Requirements - Clause 7.5 - Supplier Relationship Termination Process


    Keywords

    #ISO #ISO27001 #ISO27001Certification #InformationSecurityManagementSystems  #I

    Cybersecurity in Supplier Relationships: ISO 27036 Part 2, Clause 7.1 Supplier Relationship Planning Process

    Howard and Jim chat about ISO 27036-2, Clause 7.1 - Supplier Relationship Planning Process.

    Points discussed include:

    1.  How do the ISO 27036 standards help protect against potential risks and ensure personal safety?
    2.  What are some potential legal and regulatory issues that suppliers should be aware of in relation to information security impacts?
    3.  Why is it important for requirements and agreements with suppliers to be strongly worded and clearly labeled as "shall"?
    4.  What are real-life examples where a breach in information security had devastating effects on a company's asset value or credibility?
    5.  What are some challenges in protecting against breaches and maintaining information security measures in organizations?
    6.  What steps should companies take to address information security concerns proactively, rather than waiting for clients to request it?
    7. What are some key steps individuals can take to maintain cybersecurity in their supply chain?

    Complimentary ISO Resources

    Click here to obtain your copy of the ISO 27001 Gap Checklist.

    Upcoming Episodes

    Howard and Jim chat about: 

    • ISO 27036-2 Supplier Relationship Requirements - Clause 7.2 - Supplier Selection Process
    • ISO 27036-2 Supplier Relationship Requirements - Clause 7.3 - Supplier Relationship Agreement
    • ISO 27036-2 Supplier Relationship Requirements - Clause 7.4 - Supplier Relationship Management Process
    • ISO 27036-2 Supplier Relationship Requirements - Clause 7.5 - Supplier Relationship Termination Process


    Keywords

    #ISO #ISO27001 #ISO27001Certification #InformationSecurityManagementSystems  #ISO27036  

    ISO 27036 Part 2 - Clause 6 Unpacked: Information security in supplier relationship management

    Howard and Jim chat about ISO 27036 Part 2 - Clause 6 - Information security in supplier relationship management.

    Points discussed include:

    1.  How does the ISO Review podcast contribute to the understanding and implementation of ISO standards in various industries?
    2.  What are some practical steps that companies can take to ensure information security in supplier relationships?
    3.  How has the globalized supply chain impacted the security of information and data?
    4.  Why is it important for businesses to prioritize quality assurance processes and follow Mr. Deming's principles?
    5.  In what ways can hardware and software work together to enhance information security and ensure smooth operations?
    6.  How can businesses effectively assess and manage the risks associated with information security in the supply chain?
    7.  What role does project management play in the acquisition process and information security management?
    8.  How do the principles outlined in ISO 27036 part two align with the practice of continuous improvement in business processes?
    9.  What are some common challenges and pitfalls that companies face when implementing information security measures in supplier relationships?
    10.  What resources or tools are available to businesses that want to learn more and improve their understanding of ISO standards and information security practices?

    Complimentary ISO Resources

    Click here to obtain your copy of the ISO 27001 Gap Checklist.

    On Our Next Episodes

    Howard and Jim chat about ISO 27036 Part 2 - Clause 7 - Information security in a supplier relationship example.


    Keywords

    #ISO #ISO27001 #ISO27001Certification #InformationSecurityManagementSystems #AnnexA #RiskAssessment

    Protecting Your Data: ISO 27036-1: Overview of Risks and Best Practices - Guidance for Supplier Relationships

    Howard and Jim chat about ISO 27036 Part I - Protecting Your Data: Overview of Understanding the Risks and Best Practices Guidance for Supplier Relationships.

    Points discussed include:

    1.  Why is due diligence important when choosing suppliers?
    2.  Why it's important to evaluate the security practices and capabilities of suppliers to make sure that they meet your information security requirements.
    3.  What are the key factors to consider when evaluating supplier relationships for information security practices and capabilities?
    4.  Why you need to have processes to manage the information security risks of interacting with your suppliers.
    5.  Why you need to create a culture of information security awareness, making sure that every day, every single person in your organization is thinking about information security all day long!

    On Our Next Episodes

    Howard and Jim chat about ISO 27036-2 - Requirements for Information Security in your Supplier Relationships.


    Keywords

    #ISO #ISO27001 #ISO27001Certification #InformationSecurityManagementSystems #AnnexA #RiskAssessment #ISOHarmonizedStructure #StatementofApplicability #InternationalStandardsDevelopmen #SimplifyISO #ISO27001:2022 #ISO27008

    ISO 27008 Guidelines for Assessing Annex A Controls

    Howard and Jim chat about ISO 27008 Guidelines for Assessing Annex A Controls.

    Points discussed include:

    1.  How many controls are required in ISO 27008?
    2.  What are the seven steps outlined in ISO 27008 for measuring and assessing controls?
    3.  How can ISO 27008 help organizations improve information security?
    4.  What is the significance of continual improvement in information security controls?

    On Our Next Episodes

    Howard and Jim chat about ISO 27036-1 Overview & Concepts related to your Supplier Relationships


    Keywords

    #ISO #ISO27001 #ISO27001Certification #InformationSecurityManagementSystems #AnnexA #RiskAssessment #ISOHarmonizedStructure #StatementofApplicability #InternationalStandardsDevelopmen #SimplifyISO #ISO27001:2022 #ISO27008

    Competence Requirements For Information Security Management Systems Professionals

    Howard and Jim chat about Competence Requirements For Information Security Management Systems Professionals.

    Points discussed include:

    1.  What is the importance of communication and documentation in auditing firms for ISMS professionals?
    2.  How can auditors prepare for an audit, and what information should they request from the organizations being audited?
    3.  What ethics are involved in auditing, and what is the importance of ethics for firms and individuals who perform tasks in companies?
    4.  What are some qualifications that ISMS professionals need to have in order to become auditors?
    5.  What are some key attributes and skills that auditors need to have in order to perform their job responsibly and ethically?
    6.  What are some of the challenges that auditors may face in conducting an objective and fair audit, and how can they overcome these challenges?
    7.  Where can listeners go to learn more about ISO auditing and the topics discussed in this podcast episode?

    On Our Next Episode

    Howard and Jim chat about ISO 27008 Guidelines for Auditing Annex A Controls.


    Keywords

    #ISO #ISO27001 #ISO27001Certification #Registrars #ITProjects #InformationSecurityManagementSystems #AnnexA #RiskAssessment #ISOHarmonizedStructure #StatementofApplicability #InternationalStandardsDevelopmen #SimplifyISO #ISO27001:2022 #AnnexA

    ISO 27001:2022, Annex A - Clause 8: Technical Controls

    Howard and Jim chat about ISO 27001, Annex A - Technical Controls.

    Points discussed include a review of the 34 controls in Clause 8:

    • Annex A, Clause Eight, Technical Controls
    • Number of controls: 34 (8.1 to 8.34)

    On Our Next Episode

    The Path to ISO 27001 Certification - Find out the steps you'll need to take to become Certified to ISO 27001:2022!

    Next Steps - review your current situation against these controls to see if you can find a way to improve your Technical Controls for better Information security.


    Learn more about Jim on LinkedIn & YouTube

    LinkedIn: https://www.linkedin.com/in/simplifyiso/

    LinkedIn Articles:
    https://www.linkedin.com/in/simplifyiso/detail/recent-activity/posts/

    YouTube:
    https://www.youtube.com/channel/UCrt2Hgj-5AjHKEvyf2ssZ8g


    The ISO Review Podcast is a production of SimplifyISO.

    ISO 27001:2022, Annex A - Clause 7: Physical Controls

    Howard and Jim chat about ISO 27001, Annex A - Physical Controls.

    Points discussed include a review of the 14 controls in Clause 7:

    • Annex A, Clause Seven, Physical Controls
    • Number of controls: 14 (7.1 to 7.14)

    On Our Next Episode

    ISO 27001, Annex A - Clause 8 - Technology Controls.

    Next Steps - review your current situation against these controls to see if you can find a way to improve your Physical Controls for better Information security.


    ISO 27001:2022, Annex A - Clause 6: People Controls

    Howard and Jim chat about ISO 27001, Annex A - People Controls.

    Points discussed include a review of the 8 controls in Clause 6:

    • Annex A, Clause Six, People Controls
    • Number of controls: 8 (6.1 to 6.8)

    On Our Next Episode

    ISO 27001, Annex A - Clause 7 - Physical Controls.

    Next Steps - review your current situation against these controls to see if you can find a way to improve your People controls for better Information security.


    ISO 27001:2022, Annex A - Clause 5: Organizational Controls

    Howard and Jim chat about ISO 27001, Annex A - Organizational Controls.

    Points discussed include a review of the 37 controls in Clause 5:

    • Annex A, Clause Five, Organizational Controls
    • Number of controls: 37 (5.1 to 5.37)

    On Our Next Episode

    ISO 27001, Annex A - Clause 6 - People Controls.

    Next Steps - review your current practices against these required controls to see if you can find a way to improve your Organizational controls for better Information security.


    Root Cause Analysis Considerations For Your ISO 27001 Information Security Management System

    Howard and Jim chat about Root Cause Analysis Considerations For Your ISO 27001 Information Security Management System.

    Points discussed include:

    • Root Cause Analysis Considerations
    • Determine the Cause of the Nonconformance
    • Contributing Issues
    • Ishikawa Fishbone Diagram Integration With Annex A
    • 4-Column Integration Table showing the Ishikawa Fishbone and the 4 Annex A Clauses (See Link)

    Our Gift To You

    4-Column Integration Table showing the Ishikawa Fishbone and the 4 Annex A Clauses

    On Our Next Episode

    Using ISO 27001 with ISO 22301 to Maintain Business Continuity

    Integration of an ISO 27001 into an existing ISO 9001 QMS

    Howard and Jim chat about the integration of an ISO 27001 into an existing ISO 9001 QMS.

    Points discussed include:

    • ISO 9001 Quality Management Standard is the most prevalent in the world. It's been around since 1987 and there are over 2 million certificates worldwide in over 170 countries.
    • Best Practice would be to integrate ISO 27001 into your existing ISO 9001 system (or any other Harmonized Standard system) instead of having two separate systems.
    • Start off by reviewing Clause 4 and make any necessary tweaks such as the 'Interested Party' section.
    • Follow up by reviewing the other clauses, 5 through 10, to determine the sections that may need some additional information security related content.
    • Whatever method you're using to determine risks in quality, you can definitely start with that for information security risks.
    • Create your Statement of Applicability from Annex A.

    On Our Next Episode

    In the next episode of the ISO Review Podcast, Jim will discuss Root Cause Analysis Considerations for your ISO 27001 Information Security Management System.

    ISO 27001 Statement of Applicability Document

    Howard and Jim chat about the ISO 27001:2022 Statement of Applicability (SoA).

    Items discussed include:

    • The Statement of Applicability is required for ISO 27001 certification. It’s a statement that explains which Annex A security controls are — or aren’t — applicable to your organization’s Information Security Management System (ISMS).

    You can update your current ISO 27001 Statement of Applicability (SoA) like this:

    • Compare your current SoA to the new requirements - there are charts in the new Standard showing the connections
    • Identify the business owners in the various risk areas, and assign a high-medium-low value to the risk, and then revise your Information Security Risk Treatment Plans
    • Update your Risk Treatment Plans to keep you protected
    • Keep your Risk Treatment Plans dynamic - threats never sleep!

    On Our Next Episode

    In the next episode of the ISO Review Podcast, Jim will discuss what you need to know about integrating ISO 27001 into an existing ISO 9001 QMS.

    Learn more about Howard

    Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.


    LinkedIn: https://www.linkedin.com/in/foxcoachinginc/


    ISO 27007 - Guidance for Information Security Management Systems Auditing

    Howard and Jim chat about ISO 27007 - Guidance for Information Security Management Systems Auditing.

    Items discussed include:

    • Plan - Do - Check - Act  Approach.
    • Getting clients to ask their auditees if the procedure, the way it's been implemented, is getting them the results they want.
    • The purpose of auditing is to see if you're getting the results you want.
    • Part of the audit is to see if the objectives are really sensible.
    • Asking during the audit if there's any possible way the auditees think that procedures, processes, and the implementation could be improved.
    • The recommended frequency for performing audits.
    • Review the competency of the individuals and teams assigned to perform the audit.

    During the next episode of the ISO Review Podcast, we'll discuss the Statement of Applicability document.

    ISO 27005 - Managing Information Security Risks

    Howard and Jim chat about ISO 27005 - Managing Information Security Risks in this episode of the ISO Review Podcast.

    Items discussed include:

    • Plan - Do - Check - Act  Approach
    • Identify the risk
    • Analyze the nature and level of the risk
    • Evaluate the risk (low - medium - high)
    • Select objectives and controls for the treatment of the risk
    • Determine what is an acceptable level of the residual risk

    We look forward to having you join us next year for more episodes of the ISO Review Podcast.

    ISO 27002 - Security Techniques

    Howard and Jim review ISO 27002 - Security Techniques in this episode of the ISO Review Podcast.

    Items discussed include:

    Information security, cybersecurity and privacy protection — Information security controls

    1. Scope
    2. Normative References
    3. Terms, definitions, and abbreviated terms
    4. Structure of the Document
    5. Organizational controls (37)
    6. People controls (8)
    7. Physical controls (14)
    8. Technological controls (34)
    • Annex A
    • Annex B

    The entire document contains useful help. It gives users and listeners a chance to really improve the effectiveness of their management system: it will help improve their outputs, their risk management, and the way people can access their own information management system safely.

    What's in Store For The Next Episode

    Our topic is ISO 27005 - Managing Information Security Risks.

    The ISO Review Podcast is a production of the International Management System Institute.

    ISO 27001:2022 - Here's What to Look For...

    In this episode, Howard and Jim review the changes in ISO 27001:2022, Information Security Management Systems Requirements.

    Items discussed include:

    • ISO 27001 - Information Security Management Systems was the pioneer of what was first known as the High Level Structure and is now called the Harmonized Structure, the structure on which all the other management system standards are built.
    • The breadth of changes in the Clauses:
      • 4.2 - Interested Parties (minor tweak); 
      • 4.4 - Description of the Entire System (additional information added); 
      • 6.1 - Risk Management (additional information and clarification); 
      • 6.2 - Information Security Objectives (additional information and clarification); 
      • 6.3 - Change Management (new clause);
      • 7.4 - Communication (minor tweak);
      • 8.1 - Operation Planning (rewritten);
      • 9.1 - Monitoring (additional information); 
      • 9.2 - Internal Auditing (expanded with new information);
      • 9.3 - Management Review - (expanded)
    • Annex A - Controls. They have been reorganized from 14 categories to 4 categories and have been reduced from 114 controls to 93:
      • Clause 5 -  Organizational Controls (37)
      • Clause 6 -  People Controls (8) 
      • Clause 7 -  Physical Controls (14)
      • Clause 8 -  Technological Controls (34)
    • ISO 27002, the guidance document for Annex A (more in the next episode!)
    • The benefit of beginning recertification sooner rather than later

    What's in Store For The Next Episode

    • Our topic is ISO 27002:2022 - Security Techniques, the newly updated guidance document for ISO 27001:2022 Annex A

    © 2024 Podcastworld. All rights reserved