This rule is about cloud supplier management, which means a company must have a system to handle the information security risks of its third party cloud systems, products and services. What is ISO 27001 Annex A 5.23? The latest version of the ISO 27001 standard is ISO/IEC 27001:2022 (published in October 2022). In the ISO/IEC 27001:2022 Standard the […]

This rule is about ICT supplier management, which means a company must have a system to handle the management of its third party IT systems, products and services. What is ISO 27001 Annex A 5.22? The latest version of the ISO 27001 standard is ISO/IEC 27001:2022 (published in October 2022). In the ISO/IEC 27001:2022 Standard the control is

This rule is about ICT supplier management, which means a company must have a system to handle the information security risks of its third party IT systems, products and services. What is ISO 27001 Annex A 5.21? The latest version of the ISO 27001 standard is ISO/IEC 27001:2022 (published in October 2022). In the ISO/IEC 27001:2022 Standard the

ISO 27001 Annex A 5.20 is a simple rule. It says that your business must create and agree upon information security rules with all your suppliers. What Does This Mean? This rule is about putting a legal plan in place. This plan is often a formal contract, a business agreement, or set of terms. This

The ISO 27001 Annex A 5.19 rule is about managing information security when working with other companies (suppliers). This rule requires your business to handle the security risks that come from using products and services provided by these suppliers. In short, it helps you keep your supply chain secure. Suppliers are one of your biggest

Access Rights are the permissions that tell a system exactly what you are allowed to do. Think of it like a key card for a building: your card might let you into the office floor, but not the server room. This rule is about making sure everyone is given only the specific rights they need

Think of Authentication Information as the special keys you use to prove you are who you say you are when you access systems or data. This rule is all about managing and protecting those keys, things like your passwords, PINs, biometric data (like your fingerprint), or security tokens. Essentially, it makes sure you have a

This rule is about identity management, which means a company must have a system to handle who and what can access its information and IT systems. It covers the entire life of an identity, from when it’s created until it’s deleted. What Is Identity Management? Identity management is a way to make sure that only the

ISO 27001 Annex A 5.15 is about Access Control. This rule says that an organisation must create and follow rules to control who can access information and other assets. This is based on what the business needs and what is required for security. The main goal is to let authorised people in and keep unauthorised people