Scott Lloyd

Senior Cybersecurity Consultant at URM

Scott is a senior cybersecurity and resilience consultant with extensive experience delivering information security, risk management, business continuity, disaster recovery and supplier assurance programmes across public and private sectors. After 25 years in the Royal Air Force specialising in information security, he takes a measured, practical approach to complex engagements, from building ISO 27001 information security management systems (ISMSs) and running tabletop exercises to strengthening incident response and disaster recovery. His credentials include CISSP and QSA (PCI DSS); Lead Implementer and Lead Auditor for ISO/IEC 27001 and ISO 22301; and Lead Auditor for ISO 9001, alongside qualifications covering BIA (ISO 22317), supply-chain continuity (ISO 22318) and BS 10008 electronic information management. His work spans policy and process advisory, audits and gap analysis, penetration testing and vulnerability management oversight, incident management, and security education and awareness.

InfoSec Insider, Season 2, Episode 3

The ISO 27001 Certification Process

In this episode of InfoSec Insider, Scott Lloyd, Senior Consultant at URM, offers key advice and guidance on the ISO 27001 certification process and on how organisations can ensure they are prepared for a smooth and successful certification assessment. Scott draws on his extensive experience in the field of information security to discuss:

  • Common misconceptions about certification
  • The ‘must-have’ documentation organisations need to have in place ready for their Stage 1 audit
  • The Stage 2 audit, the difference between minor and major nonconformities and how they affect certification
  • How organisations should handle minor nonconformities so that they do not become majors in the future
  • The 3-year certification cycle and Continual Assessment Visits (CAVs)