Let’s talk about Information transfer policies and procedures (ISO27001 Annex A Control 13.2.1)

Questions about how to address this control are usually raised by clients early on in discussions on how to implement ISO27001 requirements. “What is meant by transfer?” and “Do we really need complex procedures as that isn’t going to work with our culture” are typical. The ISO27001 document gives the outline “Formal transfer policies, procedures…..protect… Read More

You have decided you need ISO27001 certification – what happens now?

ISO27001 is the international standard for Information Security, and there are several reasons for deciding that certification is a business requirement. For some companies, it becomes a requirement to get shortlisted for new work. For others, it can be a way for management to ensure good security practices are in places as they grow or… Read More