More results...
Compliance is a concern that pops up repeatedly on the ISO27k Forum, just this morning for instance. Intrigued by ISO 27001 Annex A control A.18.1.1 “Identification of applicable legislation and contractual requirements”, members generally ask wh…
Inspired by an exchange on the ISO27k Forum yesterday morning, I wrote and published a simple 2-page exemptions policy template for SecAware. In essence, after explaining what ‘exemptions’ are, the policy requires that they are authorised after du…
The SecAware corporate information security policy template incorporates a set of generic principles for information risk and security such as “Our Information Security Management System
conforms to generally accepted good security practices as descri…
Inspired by an insightful comment on LinkeDin from an SC 27 colleague on the other side of the world (thanks Lars!), I spent most of last week updating the SecAware security policy templates and ISO27k ISMS materials.The main change was to distinguish …