Blog
Articles and resources on information security, compliance, and best practices.
Cybersecurity Training for ISO 27001 Compliance
Design cybersecurity training that meets ISO 27001 Clause 7.2 and 7.3 - program structure, phishing simulations, and measuring effectiveness.
ISO 27001 Clause 5.2: Security Policy
Clause 5.2 requires top management to establish an information security policy. What to include, what auditors check, and common mistakes to avoid.
PDCA for ISO 27001: The Improvement Cycle
The PDCA cycle - Plan, Do, Check, Act - maps directly to ISO 27001 Clauses 4-10. Learn how to use it for implementation, audits, and continual improvement.
The CIA Triad in ISO 27001: A Practical Guide
The CIA triad - confidentiality, integrity, availability - shapes every control in ISO 27001. Learn how to map Annex A controls to each pillar and prioritize.
ISO 27018: Cloud Privacy Controls for PII
ISO 27018 adds PII-specific controls to your ISMS for public cloud environments - Annex A requirements, ISO 27002 extensions, and ISO 27701 comparison.
ISO 27017: Cloud Security Controls for Your ISMS
How ISO 27017 extends ISO 27001 with cloud-specific security controls - what it adds, who needs it, and how it fits alongside C5 and ISO 27018.
C5 Cloud Security Attestation: A Practical Guide
BSI's C5 attestation framework covers 17 security domains for cloud providers. What C5 requires, how it relates to ISO 27001, and who needs it.
ISO 27001:2022 Migration: Free Notion Template
A free Notion template for mapping ISO 27001:2013 controls to the 2022 version - side-by-side control mapping, implementation notes, and policy update tips.
ISO 27001 Statement of Applicability
How to build your ISO 27001 Statement of Applicability - control selection, documentation requirements, and common mistakes auditors flag.
ISO 27001 Clause 4.1: Organizational Context
How to identify external and internal issues for ISO 27001 Clause 4.1 - practical steps, real examples, and common pitfalls to avoid.