Howard and Jim chat about  ISO 27001, Annex A - Physical Controls.

Points discussed include a review of the 14 controls in Clause 7:

• Annex A, Clause Seven, Physical Controls
• Number of controls:14  (7.1 to 7.14)

On Our Next Episode

ISO 27001, Annex A - Clause 8 - Technology Controls.

Next Steps - review your current situation against these controls to see if you can find a way to improve your Physical Controls for better Information security.

If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share episode with anyone who might benefit from learning about this topic.   

Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other ISO requirements that you have to meet.

Click here to visit the International Management System Institute website so that you can learn about how and why you should consider becoming a Certified ISO Management System Professional.

Learn more about Jim on LinkedIn & YouTube

LinkedIn: https://www.linkedin.com/in/simplifyiso/

LinkedIn Articles: https://www.linkedin.com/in/simplifyiso/detail/recent-activity/posts/

YouTube: https://www.youtube.com/channel/UCrt2Hgj-5AjHKEvyf2ssZ8g

Learn more about Howard

Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

The ISO Review Podcast is a production of SimplifyISO.

Howard and Jim chat about  ISO 27001, Annex A - People Controls.

Points discussed include a review of the 8 controls in Clause 6:

• Annex A, Clause Six, People Controls
• Number of controls: 8 (6.1 to 6.8)

On Our Next Episode

ISO 27001, Annex A - Clause 7 - Physical Controls.

Next Steps - review your current situation against these controls to see if you can find a way to improve your People controls for better Information security.

If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share episode with anyone who might benefit from learning about this topic.   

Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other ISO requirements that you have to meet.

Click here to visit the International Management System Institute website so that you can learn about how and why you should consider becoming a Certified ISO Management System Professional.

Learn more about Jim on LinkedIn & YouTube

LinkedIn: https://www.linkedin.com/in/simplifyiso/

LinkedIn Articles: https://www.linkedin.com/in/simplifyiso/detail/recent-activity/posts/

YouTube: https://www.youtube.com/channel/UCrt2Hgj-5AjHKEvyf2ssZ8g

Learn more about Howard

Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

The ISO Review Podcast is a production of SimplifyISO.

Howard and Jim chat about  ISO 27001, Annex A - Organization Controls.

Points discussed include a review of the 37 controls in Clause 5:

• Annex A, Clause Five, Organizational Controls
• Number of controls: 37 (5.1 to 5.37)

On Our Next Episode

ISO 27001, Annex A - Clause 6 - People Controls.

Next Steps - review your current practices against these controls required to see if you can find a way to improve your Organizational controls for better Information security.

If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share episode with anyone who might benefit from learning about this topic.    

Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other ISO requirements that you have to meet.

Click here to visit the International Management System Institute website so that you can learn about how and why you should consider becoming a Certified ISO Management System Professional.

Learn more about Jim on LinkedIn & YouTube

LinkedIn: https://www.linkedin.com/in/simplifyiso/

LinkedIn Articles: https://www.linkedin.com/in/simplifyiso/detail/recent-activity/posts/

YouTube: https://www.youtube.com/channel/UCrt2Hgj-5AjHKEvyf2ssZ8g

Learn more about Howard

Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

Howard and Jim chat about Root Cause Analysis Considerations For Your ISO 27001 Information Security Management System.

Points discussed include:

• Root Cause Analysis Considerations
• Determine the Cause of the Nonconformance
• Contributing Issues
• Ishikawa Fishbone Diagram Integration With Annex A
• 4-Column Integration Table showing the Ishikawa Fishbone and the 4 Annex A Clauses (See Link)

Our Gift To You

4-Column Integration Table showing the Ishikawa Fishbone and the 4 Annex A Clauses

On Our Next Episode

Using ISO 27001 with ISO 22301 to Maintain Business Continuity

Next Steps

If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share episode with anyone who might benefit from learning about this topic.    

Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other ISO requirements that you have to meet.

Learn more about Jim on LinkedIn & YouTube

LinkedIn: https://www.linkedin.com/in/simplifyiso/

LinkedIn Articles: https://www.linkedin.com/in/simplifyiso/detail/recent-activity/posts/

YouTube: https://www.youtube.com/channel/UCrt2Hgj-5AjHKEvyf2ssZ8g

Learn more about Howard

Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

Howard and Jim chat about the integration of an ISO 27001 into an existing ISO 9001 QMS.

Points discussed include:

• ISO 9001 Quality Management Standard is the most prevalent in the world. It's been around since 1987 and there are over 2 million certificates worldwide in over 170 countries.
• Best Practice would be to integrate ISO 27001 into your existing ISO 9001 system (or any other Harmonized Standard system) instead of having two separate systems.
• Start off by reviewing Clause 4 and make any necessary tweaks such as the 'Interested Party' section.
• Follow up by reviewing  the other clauses , 5 though 10, to determine the sections that may need some additional IS related information.
• Whatever method you're using to determine risks in quality, you can definitely start with that for information security risks.
• Create your Statement of Applicability from Annex A.

On Our Next Episode

In the next episode of the ISO Review Podcast, Jim will discuss Root Cause Analysis Considerations for your ISO 27001 Information Security Management System.

Next Steps

If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share episode with anyone who might benefit from learning about this topic.    

Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other ISO requirements that you have to meet.

Learn more about Jim on LinkedIn & YouTube

LinkedIn: https://www.linkedin.com/in/simplifyiso/

LinkedIn Articles: https://www.linkedin.com/in/simplifyiso/detail/recent-activity/posts/

YouTube: https://www.youtube.com/channel/UCrt2Hgj-5AjHKEvyf2ssZ8g

Learn more about Howard

Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

Howard and Jim chat about the ISO 27001:2022 - Statement of Applicability (SoA)

Items discussed include:

• The Statement of Applicability is required for ISO 27001 certification. It’s a statement that explains which Annex A security controls are — or aren’t — applicable to your organization’s Information Security Management System (ISMS).

You can update your current ISO 27001 Statement of Applicability (SoA) like this:

• Compare your current SoA to the new requirements - there are charts in the new Standard showing the connections
• Identify the business owners in the various risk areas, and assign a high-medium-low value to the risk, and then revise your Information Security Risk Treatment Plans
• Update your Risk Treatment Plans to keep you protected
• Keep your Risk Treatment Plans dynamic - threats never sleep!

On Our Next Episode

In the next episode of the ISO Review Podcast, Jim will discuss what you need to know about integrating ISO 27001 into an existing ISO 9001 QMS.

Next Steps

If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share episode with anyone who might benefit from learning about this topic.    

Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other ISO requirements that you have to meet.

Learn more about Jim on LinkedIn & YouTube

LinkedIn: https://www.linkedin.com/in/simplifyiso/

LinkedIn Articles: https://www.linkedin.com/in/simplifyiso/detail/recent-activity/posts/

YouTube: https://www.youtube.com/channel/UCrt2Hgj-5AjHKEvyf2ssZ8g

Learn more about Howard

Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

LinkedIn: https://www.linkedin.com/in/foxcoachinginc/

Howard and Jim chat about ISO 27007 - Guidance for Information Security Management Systems Auditing.

Items discussed include:

• Plan - Do - Check - Act  Approach.
• Getting clients to ask their auditees if the procedure, the way it's been implemented, is getting them the results they want.
• The purpose of auditing is to see if you're getting the results you want.
• Part of the audit is to see if the objectives are really sensible.
• Asking during the audit if there's any possible way the auditees think that procedures, processes, and the implementation could be improved.
• The reocmmended frequency for performing audits.
• Review the competency of the individuals and teams assigned to perform the audit.

During the next episode of the ISO review Podcast, we'll discuss the Statement of Applicability document.

Next Steps

Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other ISO requirements that you have to meet.

Learn more about Jim on LinkedIn & YouTube

LinkedIn: https://www.linkedin.com/in/simplifyiso/

LinkedIn Articles: https://www.linkedin.com/in/simplifyiso/detail/recent-activity/posts/

YouTube: https://www.youtube.com/channel/UCrt2Hgj-5AjHKEvyf2ssZ8g

Learn more about Howard

Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

LinkedIn: https://www.linkedin.com/in/foxcoachinginc/

Howard and Jim chat about ISO 27005 - Managing Information Security Risks in this episode of the ISO Review Podcast.

Items discussed include:

• Plan - Do - Check - Act  Approach
• Identify the risk
• Analyze  the naure and level of the risk
• Evaluate (low - medium - high ) the risk
• Select objectives and controls for the treatment of the risk
• Determine what is an acceptable level of the residual risk

We look forward to having you join us next year for more episodes of the ISO review Podcast. 

Next Steps

Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other ISO requirements that you have to meet.

Learn more about Jim on LinkedIn & YouTube

LinkedIn: https://www.linkedin.com/in/simplifyiso/

LinkedIn Articles: https://www.linkedin.com/in/simplifyiso/detail/recent-activity/posts/

YouTube: https://www.youtube.com/channel/UCrt2Hgj-5AjHKEvyf2ssZ8g

Learn more about Howard

Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

LinkedIn: https://www.linkedin.com/in/foxcoachinginc/

Howard and Jim review ISO 27002 - Security Techniques in this episode of the ISO Review Podcast.

Items discussed include:

Information security, cybersecurity and privacy protection — Information security controls

1. Scope
2. Normative References
3. Terms, definitions, and abbreviated terms
4. Structure of the Document
5. Organizational controls (37)
6. People controls (8)
7. Physical controls (14)
8. Technological controls (34)

• Annex A
• Annex B

The entire document has useful help in it. It's has help that's going to give users and listeners a chance to really improve their the effectiveness of their management system. It's going to help improve their outputs, their risk management and the way people can access their own Information Management System safely.

What's in Store For The Next Episode

Our topic is ISO 27005 - Managing Information Security Risks.

Next Steps

Click here to visit the SimplifyISO website to discover how this cloud-based management system will satisfy all the Standards requirements, client requirements, and any other ISO requirements that need to be met.

More about Jim Moran

LinkedIn: https://www.linkedin.com/in/simplifyiso/

LinkedIn Articles: https://www.linkedin.com/in/simplifyiso/detail/recent-activity/posts/

YouTube: https://www.youtube.com/channel/UCrt2Hgj-5AjHKEvyf2ssZ8g

More about Howard

Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

LinkedIn: https://www.linkedin.com/in/foxcoachinginc/

The ISO Review Podcast is a production of the International Management System Institute.

In this episode, Howard and Jim review the changes in ISO 27001:2022, Information Security Management Systems Requirements

Items discussed include:

• ISO 27001 - Information Security Management System was the pioneer in what was first known as the High Level Structure,  is now called the Harmonized Structure, as it was developed for all the other standards to be built on.
•   The breadth of changes in the Clauses: 
  • 4.2 - Interested Parties (minor tweak); 
  • 4.4 - Description of the Entire System (additional information added); 
  • 6.1 - Risk Management (additional information and clarification); 
  • 6.2 - Information Security Objectives (additional information and clarification); 
  • 6.3 - Change Management (new clause);
  • 7.4 - Communication (minor tweak);
  • 8.1 - Operation Planning (rewritten);
  • 9.1 - Monitoring (additional information); 
  • 9.2 - Internal Auditing (expanded with new information);
  • 9.3 - Management Review - (expanded)
• Annex A - Controls. They have been reorganized from 14 categories to 4 categories and have been reduced from 114 controls to 93:
  • Clause 5 -  Organization Controls (37)
  • Clause 6 -  People Controls (8) 
  • Clause 7 -  Physical Controls (14)
  • Clause 8 -  Technological Controls (34)
• ISO 27002, the guidance document for Annex A (more in the next episode!)
• The benefit of beginning recertification sooner rather than later

What's in Store For The Next Episode

• Our topic is ISO 27002:2022 - Security Techniques, the newly updated guidance document for ISO 27001:2022 Annex A
  
  
• Next Steps
  Click here to visit the SimplifyISO website to discover how this cloud-based management system will satisfy all the Standards requirements, client requirements, and any other ISO requirements that need to be met.

More about Jim Moran

• LinkedIn: https://www.linkedin.com/in/simplifyiso/
• LinkedIn Articles: https://www.linkedin.com/in/simplifyiso/detail/recent-activity/posts/
• YouTube: https://www.youtube.com/channel/UCrt2Hgj-5AjHKEvyf2ssZ8g

More about Howard

• Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.
• LinkedIn: https://www.linkedin.com/in/foxcoachinginc/