There is no substitute for a competent and impartial auditor in terms of compliance, security, and correct operations. Organizations that can assess and certify technologies and organizations are essential for ensuring accountability and standards of excellence in place, applying to systems that store sensitive data. To modify a common saying, “who watches the auditors?” That’s where ISO 10765 comes in.

This article will cover this ISO document and what it means for assessors and auditors in any industry.

Read More

Modern security and risk frameworks often focus on a limited set of concerns–security controls, external threats, insider threats, upgrading or updating systems, etc. But, as the relationships between security, business continuity, and system reliability become more complex in our data-saturated environment, organizations must have equally robust system support in place to ensure that information remains secure and available at all times. 

ISO 22301, “Security and resilience–Business continuity management systems–Requirements,” the International Organization for Standardization (ISO) defines a broad set of standards that organizations can implement to focus on business continuity and resilience. 

Read More

The ISO 27000 series is a set of important security documents released by the International Organization for Standardization (ISO) to provide a guideline for best practices in IT security management, ISMS development and organizational security and risk management practices. The earlier documents (27001, 27002, etc.) serve as a baseline for this series, and many of the following documents build from that foundation. 

Later documents in the series develop guidelines describing more specialized applications. One of these, ISO 27017, address security practices for the expanding area of cloud infrastructure that most of our business operations rely on. 

Read More