Tips for ISO27001 certification

More information about ISO27001 is available on our website.

5 tips – for Risk Assessments

- Read – yes, actually read – the parts of the standard that refer to risk assessment
- Make sure you cover *everything* the standard expects for risk assessment
- ‘define and apply….process’ – document the process
- all risks must have an owner…

Navigating the ‘new normal’ – take opportunities, manage risks

COVID19 has meant changes to how we live and work. Organisations of all sizes must now adapt to the ‘new normal’ to survive and grow. Some changes will be positive – why didn’t we do this before! – while others will unfortunately have a negative impact. Organisations that think about what could be done in…

So tell me….who owns this risk?

Recent experience of helping new clients develop information asset based risk management processes has given me more insight into the area of who REALLY owns risks (and opportunities). Most of the work I have been doing is in the context of a risk process aligned with ISO27001 requirements, but some risk assessments had very specific…

Can you explain: Social Media + Urgency + Seniority = (£35,000)?

The explanation is simple but could be worrying for companies that aren’t managing risks to their business. The cyber threat to UK legal sector report has details about a £35,000 loss to a mid-sized law firm with a multi-million pound turnover from a phishing attack. A combination of social media posts from a senior partner…