
SOC 2 vs ISO 27001: Choosing a Compliance Framework

In a previous blog post, we discussed the differences between SOC 2 and ISO 27001. In this post, we will look at the factors that affect the decision of which of the two compliance frameworks best aligns with your business needs. Client Expectations: The choice to adopt a compliance framework is often driven by client expectations. Clients may stipulate in contracts [...]

August 3rd, 2020 | ISO 27001 Compliance, SOC Reporting | 0 Comments

SOC 2 vs ISO 27001: What’s The Difference?

Navigating the ins and outs of two of the most popular compliance frameworks. When it comes to vendor due diligence, many companies are raising the bar. This article will help you weigh the differences between SOC 2 and ISO 27001. In addition to evaluating vendor revenue, growth, and skills, security is becoming an important focus. With almost half of security breaches [...]

July 13th, 2020 | ISO 27001 Compliance, SOC Reporting | 0 Comments

Webinar | Everything You Need to Prepare for ISO 27701 Certification

Check out our webinar from Philip Brudney and Christian Hyatt in which they discuss everything you need to prepare for an ISO 27701 certification, including the link between ISO 27701 and ISO 27001. As a bonus, they also discuss the implementation and certification process. See also: Podcast | Everything You Need to Prepare for ISO 27701 Certification

https://www.youtube.com/watch?v=OInOVF3k_uI&feature=youtu.be

July 1st, 2020 | IT Audit & Compliance, Webinars | 0 Comments

Common Misconceptions About the ISO 27001 Framework

Answering some of the most commonly asked questions around ISO 27001 implementation. At risk3sixty, we have helped many clients implement ISO 27001. Through this work, we have pinpointed a few common misconceptions surrounding the framework. In this post, we will dig into these misconceptions and shed some light on the ISO 27001 implementation process. Misconception #1: An organization must implement all [...]

June 8th, 2020 | CISO Discussions, ISO 27001 Compliance | 0 Comments

Why You Should Consider an Intangible Asset Inventory (and the Risks of Not Having One)

IT security professionals can get caught up in the physical asset world. But what intangible assets should we be tracking? An important part of IT security is maintaining an asset inventory. The inventory should document owners, data classification, and other pertinent information, and should consider the cost and metrics associated with the asset's lifetime. A physical asset inventory enables an IT department to have [...]

March 30th, 2020 | Cyber Risk Management, ISO 27001 Compliance | 0 Comments

COVID-19 and ISO 27001: What Coronavirus Means for Your Certification Audit

Many organizations have been impacted by office closures during the COVID-19 pandemic. Here's how to maintain your ISO 27001 certification during the crisis. Many organizations are facing the challenge of maintaining their ISO 27001 certification schedule during the Coronavirus (COVID-19) pandemic. This includes scheduling (or rescheduling) on-site audits in a time when most organizations aren't sure when they will be able [...]

Performing Effective User Access Reviews

Correcting mistakes that arise in the day-to-day management of access control. Organizations can take many steps to manage access, such as adopting documented registration and de-registration processes, maintaining a list of service accounts, and segmenting networks. While all are effective ways of managing access, they occasionally fail. For example, a step may be missed in the onboarding process. A [...]

How to Create Effective Policies

How to use information security policies to level up your security program. People often regard information security policy as a "check-the-box" compliance initiative. Many organizations will copy a policy template, make small revisions applicable to their context, and then forget about it. But an information security policy that directs the organization is as crucial to a security program as [...]

Craftsmanship in Music and Compliance

If you've been on stage for a speech or a performing arts show, you know stage fright is real. Businesses can get nervous when they hear the word "audit" in the same way musicians can get nervous before a performance. However, there is one great way to alleviate that fear: preparation. If your business prepares well, you will see the fruits of that [...]