Vigilant Software Blog
Clause 6 of ISO 27001 is one of the most important aspects for compliance, as it covers the actions you must take to address information security risks. Everything else you do to meet the Standard’s requirements informs or revolves around …
Those who are just getting to know ISO 27001 will no doubt find the audit a daunting prospect. It’s a big, complex task that can be tricky for even experienced professionals. But, as with many challenges, you can overcome any …
We’re back with another round-up of some of the most notable information security stories of the past month. In this edition, we discuss a hospital employee who abused their power to contact patients, an update on last year’s Ticketmaster data …
ISO 27001 focuses heavily on asset-based planning. This ensures that the information security measures you adopt are appropriate to the threats you face – both in practicality and scale. There is no point implementing controls if what their protecting against is …
If you’re certifying to ISO 27001, one of the first things you need to do identify your information assets. After all, it’s only once you know what you’re dealing with that you determine the threats associated with them. Information assets …
As we enter December, many organisations slow down as they turn their attention to Christmas. Office parties, secret Santas and discussions of when it’s acceptable to put the tree up start to take precedence over work, as employees kill time …
Accountability is an essential principle of the GPDR (General Data Protection Regulation). It requires organisations to take responsibility for compliance and to demonstrate their actions. The concept was implicit in the GDPR’s UK predecessor, the Data Protection Act 1998, but …
ISO 27001 compliance is a complex, ongoing process, which organisations should track using KPIs (key performance indicators). In this blog, we explain what KPIs are and how they fit into your ISO 27001 compliance project, and provide examples that can …
ISO 27001 audits can be intimidating, especially if it’s the first time that your ISMS (information security management system) has been audited. So how can you make sure you’re doing everything that you should? This blog helps you settle your …
The concepts of data privacy and data security might sound similar, but each involves a totally different set of processes and skills for comprehensive data governance. Data privacy relates to the protection of PII (personally identifiable information) – payment card …
