How to implement ISO 27001

Welcome to your guide on implementing one of the most practical controls in the ISO 27001 standard. As a certification body, we see many organisations overcomplicate this process. We are here to help you keep it simple and effective. Annex A 6.8 is titled Reporting information security events. In plain English, this is the “see […]

How to Implement ISO 27001 Annex A 6.7 Remote Working The modern workplace has changed. We no longer sit in a single office behind a secure perimeter. Your team likely works from home, coffee shops, or on the train. This flexibility is great for productivity but creates a headache for information security. This is where

Implementing ISO 27001 Annex A 6.6 Confidentiality or Non-disclosure Agreements Protecting your information is the heart of information security. While firewalls and passwords keep digital intruders out, legal frameworks ensure that the people you trust with your data actually keep it safe. This is where ISO 27001 Annex A 6.6 comes into play. It deals

Implementing ISO 27001 Annex A 6.5 Responsibilities After Termination or Change of Employment You are looking at Annex A 6.5 and wondering what it actually means for your business. As a certification body, we see many organisations overthink this control. It is actually quite straightforward. You need to ensure that information security does not stop

Welcome to your guide on implementing one of the most vital people controls in the ISO 27001 standard. You are likely here because you want to know how to handle security breaches when they are caused by your own staff. This control is Annex A 6.4 and it covers the disciplinary process. At ISO27001.com, we

Implementing ISO 27001 Annex A 6.3: Information Security Awareness Welcome to your guide on implementing one of the most critical controls in the ISO 27001 standard. At iso27001.com, we often tell our clients that information security is more about people than it is about technology. You can buy the most expensive firewalls in the world,

How to Implement ISO 27001 Annex A 6.2 Terms and Conditions of Employment Welcome to your guide on implementing one of the crucial people controls in the standard. As a certification body, we at ISO27001.com see many organisations struggle with the human side of security. It is easy to focus on firewalls and forget about

Implementing ISO 27001 Annex A 6.1 Screening Building a secure organisation starts with people. Before you hand over the keys to your data or systems, you need to know who you are dealing with. This is the core purpose of Annex A 6.1. In the 2022 version of the standard, this control is simply called

When you are building your Information Security Management System (ISMS), it is easy to focus on protecting the technology you use every day. You likely have firewalls in place and strong passwords for your active accounts. However, a significant risk often arises when you stop using that technology. Annex A 7.14 of ISO 27001 deals

How to Implement ISO 27001 Annex A 7.13 Equipment Maintenance Welcome to your guide on implementing ISO 27001 Annex A 7.13. As a certification body, we at ISO27001.com often see organisations trip up on the physical side of security. We spend so much time worrying about firewalls and phishing that we forget about the physical

Implementing ISO 27001 Annex A 7.12 Cabling Security Welcome to another guide from the team at ISO27001.com. Today we are looking at a control that often gets ignored until the very last minute. We are talking about Annex A 7.12 which covers cabling security. If you are a beginner to the standard you might wonder

How to Implement ISO 27001 Annex A 7.11 Supporting Utilities When you start your journey toward information security, it is easy to focus entirely on digital threats. You think about hackers, malware, and phishing scams. However, as an ISO 27001 certification body, we often see organisations overlook the physical backbone of their security. This is

Welcome to your guide on ISO 27001 Annex A 7.10. As a certification body, we often see businesses struggle with the physical side of data security. You might have excellent firewalls, but if someone loses a USB drive full of client data, your digital defenses do not matter. This control is all about storage media.

How to Implement ISO 27001 Annex A 7.9 Security of Assets Off-Premises Working environments have changed. We no longer sit in a secure office from nine to five every day. We work from home, from coffee shops, and on trains. This flexibility is great for business, but it gives security managers a headache. ISO 27001

Implementing ISO 27001 Annex A 7.8 Equipment Siting and Protection Welcome to our guide on ISO 27001 Annex A 7.8. If you are new to the standard, the list of controls can seem overwhelming. You might be focusing heavily on firewalls and passwords. However, physical security is just as vital. This control focuses on where

How to Implement ISO 27001 Annex A 7.7 Clear Desk and Clear Screen When you begin your journey toward information security, some controls can feel overly technical or abstract. However, ISO 27001 Annex A 7.7 is not one of them. This control, known as “Clear desk and clear screen,” is one of the most visible

How to Implement ISO 27001 Annex A 7.6 Working in Secure Areas Securing your physical space is just as vital as securing your digital network. When you look at the ISO 27001:2022 standard, you will find Annex A 7.6. This control focuses on working in secure areas. It might sound intimidating at first. However, it

Implementing ISO 27001 Annex A 7.5: Protecting Against Physical and Environmental Threats You might spend weeks securing your network firewalls and encrypting your databases, but have you considered what happens if the building catches fire? At ISO27001.com, we often see organisations focus heavily on digital threats while overlooking the physical reality of where their data

Physical security is often the first line of defence in protecting your data. You might have the strongest firewalls in the world, but they will not help if someone simply walks into your server room and takes a hard drive. This is where Annex A 7.4 comes into play. As a certification body, we want

How to Implement ISO 27001 Annex A 7.3 Welcome to our guide on implementing Annex A 7.3. If you are new to the standard, the physical controls can sometimes feel overwhelming. You might think information security is only about firewalls and passwords. However, physical security is just as vital. In the ISO 27001:2022 standard, Annex

How to Implement ISO 27001 Annex A 7.2 Physical Entry Welcome to this guide on implementing Annex A 7.2. At ISO27001.com, we often see organisations struggle with physical security because they focus too much on digital threats. However, physical entry is just as vital. If someone can walk into your server room, your firewalls do

Implementing ISO 27001 Annex A 7.1 Physical Security Perimeters Welcome to this guide on physical security. If you are new to the standard or transitioning to the 2022 update, you might be looking at Annex A 7.1 and wondering where to start. At ISO27001.com, we see many organisations focus heavily on digital firewalls while forgetting

How to Implement ISO 27001 Annex A 8.1 User Endpoint Devices Welcome to the practical side of information security. If you are reading this, you are likely looking at the new ISO 27001:2022 standard and wondering how to tackle Annex A 8.1. This control is titled “User endpoint devices.” In simple terms, it is all

How to Implement ISO 27001 Annex A 8.2 Privileged Access Rights Welcome to your practical guide on implementing ISO 27001 Annex A 8.2. If you are new to information security, the term “privileged access” might sound technical. However, the concept is simple. It is about controlling who holds the keys to your digital kingdom. At

How to Implement ISO 27001 Annex A 8.3 Information Access Restriction Welcome to your guide on Annex A 8.3. As a certification body, we often see confusion around the technical controls in ISO 27001:2022. You might feel overwhelmed by the jargon, but this control is actually quite straightforward. It is all about ensuring that only

How to Implement ISO 27001 Annex A 8.5 Secure Authentication Welcome to the world of access control. If you are reading this, you are likely working through your Statement of Applicability and have arrived at Annex A 8.5. As an ISO 27001 certification body, we at ISO27001.com see this control as one of the most

How to Implement ISO 27001 Annex A 8.6 Capacity Management You have likely faced that moment of panic when a hard drive is full or a server crashes under a heavy load. It is frustrating and often costly. In the world of information security, this is not just an operational headache. It is a security

How to Implement ISO 27001 Annex A 8.7 Protection Against Malware Malware is one of the most common threats to business information today. It comes in many forms, from ransomware that locks your files to spyware that steals your passwords. Annex A 8.7 of ISO 27001 is dedicated to protection against malware. As an ISO

How to Implement ISO 27001 Annex A 8.8 Management of Technical Vulnerabilities Welcome to this guide on ISO 27001 Annex A 8.8. If you are reading this, you are likely starting your journey toward certification or trying to tighten up your information security defences. As a certification body, we see many companies struggle with this

How to Implement ISO 27001 Annex A 8.9 Configuration Management Welcome to the world of information security controls. If you are looking at Annex A 8.9, you are likely ready to tackle the technical side of protecting your systems. At ISO27001.com, we see many organisations struggle with this control because it sounds more technical than

Implementing ISO 27001 Annex A 8.10 Information Deletion Welcome to our guide on Annex A 8.10. If you are new to ISO 27001, the sheer number of controls can feel overwhelming. You might feel tempted to focus only on firewalls or passwords. However, how you get rid of data is just as vital as how

How to Implement ISO 27001 Annex A 8.11 Data Masking Data privacy is a massive topic in the world of information security. If you are working towards certification, you have likely encountered ISO 27001 Annex A 8.11. This control is titled Data Masking. It might sound technical, but the concept is actually quite straightforward. It

How to Implement ISO 27001 Annex A 8.12 Data Leakage Prevention Data is the lifeblood of modern business. Losing control of that data can be catastrophic. If you are working towards ISO 27001 certification, you likely understand that protecting information is not just about keeping hackers out. It is also about keeping your data in.

Implementing ISO 27001 Annex A 8.13 Information Backup Welcome to this guide on one of the most critical controls in the ISO 27001 standard. As a certification body, we often see organisations struggle not with the concept of backups, but with the specific rigour required by Annex A 8.13. You likely already know that backing

Welcome to our guide on one of the most critical technical controls in the standard. We are ISO27001.com and we help organisations like yours navigate the complexities of certification. Today we are looking at Annex A 8.14 which is titled Redundancy of information processing facilities. This might sound technical but the concept is actually quite

Implementing ISO 27001 Annex A 8.15 Logging Welcome to your guide on implementing one of the most critical controls in the ISO 27001 standard. As an ISO 27001 certification body, we at ISO27001.com often see organisations struggle with the practical side of logging. It is not just about turning on a switch. It is about

How to Implement ISO 27001 Annex A 8.16 Monitoring Activities Security is not a passive state. You cannot simply build a wall around your data and hope for the best. You must watch that wall. This is the core principle behind ISO 27001 Annex A 8.16. While other controls focus on preventing attacks, this control

Time is one of the most critical yet overlooked aspects of information security. When you are building your Information Security Management System (ISMS), you will eventually encounter Annex A 8.17. This control deals with clock synchronisation. At ISO27001.com, we often see organisations fail this control simply because they assume their computers handle time automatically. While

How to Implement ISO 27001 Annex A 8.18 Use of Privileged Utility Programs When you start your journey toward information security, you quickly realize that not all software is created equal. Some programs have the power to override your system controls and bypass security measures. These are known as privileged utility programs. In the ISO

Welcome to your guide on ISO 27001 Annex A 8.19. If you are preparing for certification, you might feel overwhelmed by the sheer number of controls. At ISO27001.com, we understand this challenge. We want to help you break it down into manageable tasks. Today, we are looking at a specific control that deals with the

Network security is often seen as the backbone of a robust information security management system. When you look at ISO 27001 Annex A 8.20, you are looking at the specific control designed to protect your network infrastructure. At ISO27001.com, we find that many beginners feel overwhelmed by the technical jargon associated with this control. However,

Implementing ISO 27001 Annex A 8.21 Security of Information in the ICT Supply Chain Welcome to this guide on one of the more critical controls in the modern information security landscape. If you are looking to achieve certification, you likely know that the way you handle your technology partners matters. We see many organisations struggle

Welcome to your guide on implementing one of the most technical yet vital controls in the ISO 27001 standard. At ISO27001.com, we often see clients struggle with network security because they overcomplicate the basics. Annex A 8.22, titled Segregation of Networks, is all about keeping your digital assets safe by dividing them into manageable pieces.

Welcome to our guide on ISO 27001 Annex A 8.23. If you are new to information security, the term web filtering might sound like just another technical hurdle. However, it is actually one of the most practical controls you can put in place to protect your business. At ISO27001.com, we see this control as a

Welcome to your guide on implementing one of the most technical controls in the standard. At ISO27001.com, we know that the word cryptography can sound intimidating. It brings to mind complex maths and hackers in dark rooms. But for your information security management system, it is much simpler. It is about having a plan to

Welcome to this guide on ISO 27001 Annex A 8.25. As a certification body, we often see confusion around this control. You might think it only applies if you are a software house writing complex code. This is not the case. If you develop software, configure systems, or even manage minor scripts, this control applies

Welcome to this guide on Application Security Requirements. If you are new to ISO 27001, you might feel overwhelmed by the technical jargon. Do not worry. We are here to make it simple. At ISO27001.com, we believe that good security is about clarity and common sense. Annex A 8.26 is often called “Application security requirements”.

Welcome to your guide on tackling one of the more technical aspects of the standard. If you are reading this you are likely looking at Annex A 8.27 and wondering how to translate “Secure system architecture and engineering principles” into something practical. As an ISO 27001 certification body we see many organisations struggle here because

Welcome to this guide on secure coding. If you are reading this, you are likely looking at the ISO 27001 Annex A controls and wondering how to handle software development. You might be a startup building a new app or an established firm updating your processes. Regardless of your size, Annex A 8.28 is a

How to Implement ISO 27001 Annex A 8.30 Outsourced Development Welcome to this guide on ISO 27001 Annex A 8.30. If you are reading this, you are likely looking at your Statement of Applicability and wondering how to handle software development that you do not do in house. As a certification body, we see many

Implementing ISO 27001 Annex A 8.31: Separation of Development, Test, and Production Environments Welcome to the specific control that keeps your IT operations from descending into chaos. If you are new to the standard, ISO 27001 Annex A 8.31 might sound like just another technical hurdle. However, it is actually one of the most practical

Change is a constant part of running a business. You update software, you modify access rights, and you switch cloud providers. However, in the world of information security, every change brings a new risk. If you change a firewall rule without checking it first, you might accidentally leave a door open for hackers. This is

Implementing ISO 27001 can feel like a daunting task when you first look at the list of controls. One area that often trips up beginners is how to handle data during testing. This is where Annex A 8.33, titled “Test information,” comes into play. As a certification body, we at ISO27001.com see many organisations struggle

Implementing ISO 27001 Annex A 8.34: Protection of Information Systems During Audit Testing Audits are a vital part of maintaining a healthy information security management system. However, the very act of auditing can sometimes pose a risk to your operations. Imagine a scenario where a penetration tester accidentally brings down your live website or an