When we discuss cybersecurity, it’s most often done in the context of audits, assessments, or certifications. However, specific systems and components require more stringent testing standards, ensuring that the technology functions correctly and securely after construction or during ongoing operational use. 

To support the testing and assurance of these components, the National Institutes of Standards and Technology (NIST) operates a program to align testing and laboratory standards with ISO 17025, the international framework for lab calibration and competence. 

Read More

There is no substitute for a competent and impartial auditor in terms of compliance, security, and correct operations. Organizations that can assess and certify technologies and organizations are essential for ensuring accountability and standards of excellence in place, applying to systems that store sensitive data. To modify a common saying, “who watches the auditors?” That’s where ISO 10765 comes in.

This article will cover this ISO document and what it means for assessors and auditors in any industry.

Read More

Modern security and risk frameworks often focus on a limited set of concerns–security controls, external threats, insider threats, upgrading or updating systems, etc. But, as the relationships between security, business continuity, and system reliability become more complex in our data-saturated environment, organizations must have equally robust system support in place to ensure that information remains secure and available at all times. 

ISO 22301, “Security and resilience–Business continuity management systems–Requirements,” the International Organization for Standardization (ISO) defines a broad set of standards that organizations can implement to focus on business continuity and resilience. 

Read More