Category InfoSec

What is the risk approach in ISO 27001?

The international standard for information security, ISO 27001, was an early adopter of the risk-based approach to management systems. Since then, influenced by Annex SL, all modern management systems include risks and opportunities in clause 6. But why is risk…

What Has Changed in ISO 27002:2022?

ISO 27002, the standard used to determine and implement controls for information security management systems to ISO 27001, has been revised and published. Here is what’s changed in ISO 27002:2022:

New Title & Scope

The first significant change to the…

What is the ISO 27701 Privacy Add-On?

In 2019 an exciting new privacy standard, ISO 27701, was published. But what is ISO 27701 and can it help you achieve GDPR compliance?

ISO 27701 for a Privacy Information Management System (PIMS)

ISO 27701 is an add-on to…