ISO/IEC 27001:2022 Key Changes
Latest update: 23 Nov 2022

Following the publication of ISO/IEC 27001:2022 on 25 October 2022, this blog will provide you with our high-level analysis of the key changes.

Information Security
Updated: 23/11/2022
What are the Primary Objectives of the Controls Detailed in Annex A of ISO 27001:2013?  

Annex A of ISO 27001 comprises 114 controls which are grouped into the following 14 control categories. We look at each of the 14 categories and provide you with a clear explanation of the primary objective...

Information Security
Updated: 25/10/2022
What are the ‘Real World’ Benefits of Implementing ISO 27001?

In this blog, we want to dig a bit deeper into the benefits that are gained from implementing the Standard and from achieving certification...

Data Protection
Updated: 6/10/2022
Avoiding Email Data Security Breaches

For all of us, email can be both a blessing and a curse. On one hand you have the speed and convenience of communication, and on the other hand you have a significant information security risk...

Information Security
Updated: 4/10/2022
Should You Start Your ISO 27001 Programme with a Gap Analysis or a Risk Assessment?

The answer depends on your goals and knowledge of your current position. This blog will look at which is best and when.

Social Engineering
Updated: 4/10/2022
Guide to Phishing and How to Recognise a Phishing Attempt

We are hearing a lot about phishing and phishing attacks currently so, in this blog, we will take a step back to understand what phishing is, the types and how to recognise a phishing attack...

Information Security
Updated: 4/10/2022
ISO 27002:2022 Update

The purpose of ISO 27002 is to provide organisations with guidance on selecting, implementing and managing information security controls, taking into account the organisation’s information security...

Data Protection
Updated: 30/9/2022
What is the GDPR?

The General Data Protection Regulation (EU) 2016/679 (GDPR) is an EU regulation which came into effect on 25 May 2018 and set a new benchmark for the processing of personal data. It applies to any...

Information Security
Updated: 23/9/2022
Risk Management – What is it and What Role Does it Play in ISO 27001?

We are going to explore why the focus on a risk-based approach has helped turn ISO 27001, the International Information Security Management Standard, into such a world-beater.

Data Protection
Updated: 2/9/2022
Who Needs a ROPA and Why?

Under the UK General Data Protection Regulation (UK GDPR), the majority of organisations processing personal data are required to create and maintain a formal record of processing activities (ROPA)...

Information Security
Updated: 2/9/2022
PCI DSS v4 – Changes at a Glance

After several years' wait, and to surprisingly little fanfare, the Payment Card Industry Security Standards Council (PCI SSC) released the new version of the PCI Data Security Standard (DSS) ...

Data Protection
Updated: 2/9/2022
UK International Data Transfer Agreement

On 2 February 2022, the Information Commissioner’s Office (ICO) laid before Parliament changes around restricted international personal data transfers. The international data transfer agreement...

Information Security
Updated: 24/8/2022
PCI SSC Remote Assessment Guidelines and Procedures

The PCI SSC has recently released new remote assessment guidelines and procedures. Here we address a number of key questions: What are the main contents? What led to it being published? And others.

Information Security
Updated: 11/8/2022
What are the Basics of Internal Auditing?

With this blog, the spotlight turns to internal audit and specifically in the context of ISO 27001, the International Standard for Information Security Management.

Information Security
Updated: 11/8/2022
What’s the Difference Between a Certified and a Compliant ISO 27001 Information Security Management System?

There is some confusion about the difference between having an information security management system (ISMS) which is certified to ISO 27001 and one which is compliant or aligned to the Standard.

Information Security
Updated: 11/8/2022
How Secure is Zoom?

Many organisations have had to adapt very quickly to the rapidly changing restrictions brought in across the globe to help combat the spread of COVID-19 and, in a lot of cases, this has meant that...

Information Security
Updated: 11/8/2022
How to Improve Your Password Management

One of the long-held beliefs underpinning many a password policy is that forcing a regular password change is a good thing.

Information Security
Updated: 11/8/2022
How do You Avoid Information Security Breaches?

With the news often including stories regarding high-profile information security breaches, many of us find ourselves asking how we can avoid hitting the headlines for all the wrong reasons.

Information Security
Updated: 9/8/2022
How Do You Go About Your ISO 27001 Information Classification?

And how it can help avoid another Snowden Breach! This blog talks about information classification. So, what exactly do we mean by information classification?

Information Security
Updated: 9/8/2022
What is the Difference Between IT and Information Governance?

In this blog, we are going to look at governance. We are regularly asked, ‘what do you mean by governance?’ or, ‘is information governance the same as IT governance?’

Information Security
Updated: 9/8/2022
How Should You Onboard New IT Systems and Software?

This blog takes a look at onboarding information systems. When onboarding is mentioned in terms of information security, typically, most will conclude it’s referring to people...
