Blog

Articles and resources on information security, compliance, and best practices.


ISO 27001 Clause 7.2: Competence

Clause 7.2 requires your organization to ensure that people working within the ISMS are competent. How to define, assess, and evidence competence.

7 min read

ISO 27001 Clause 7.1: Resources

Clause 7.1 requires your organization to determine and provide the resources needed for the ISMS. What this means in practice and what auditors expect.

7 min read

ISO 27001 Clause 6.3: Planning of Changes

Clause 6.3 requires planned, structured changes to your ISMS. What triggers a change, how to plan it, and what auditors expect to see.

6 min read

ISO 27001 Clause 6.2: Security Objectives

Clause 6.2 requires measurable information security objectives aligned with your policy. How to set practical objectives and what auditors expect.

7 min read

ISO 27001 Clause 6.1: Risks and Opportunities

Clause 6.1 requires you to identify and address information security risks and opportunities. How to build your risk assessment process.

7 min read

ISO 27001 Clause 5.3: Roles and Responsibilities

Clause 5.3 requires top management to assign information security roles and responsibilities. How to structure them and what auditors expect.

7 min read

ISO 27001 Clause 5.1: Leadership Commitment

Clause 5.1 requires top management to demonstrate leadership commitment to information security. What this means in practice and what auditors expect.

7 min read

ISO 27001 Clause 4.4: Establishing Your ISMS

Clause 4.4 requires you to establish, implement, maintain, and continually improve your ISMS. How to structure it and what auditors expect.

6 min read

ISO 27001 Clause 4.3: Defining ISMS Scope

Clause 4.3 requires you to define ISMS scope - boundaries, applicability, and exclusions. Practical steps, examples, and what auditors expect.

7 min read

ISO 27001 Clause 4.2: Interested Parties

Clause 4.2 requires you to identify interested parties and their requirements for your ISMS. Practical steps, a register template, and what auditors check.

6 min read