Robert Clements

What is the risk approach in ISO 27001?

The international standard for information security, ISO 27001, was an early adopter of the risk-based approach to management systems. Since then, influenced by Annex SL, all modern management systems include risks and opportunities in clause 6. But why is risk…

What Has Changed in ISO 27002:2022?

ISO 27002, the standard used to determine and implement controls for information security management systems to ISO 27001, has been revised and published. Here is what’s changed in ISO 27002:2022: New Title & Scope The first significant change to the…

ISO Certification during Hyper Growth

The term hyper growth is used to describe an organisation, usually a startup, that experiences extreme growth in revenues and/or head count. Implementing ISO management systems in this context can be tricky due to the changing scope of the organisation…