ISO 27001 Control A.7

A.7.1 Responsibility for assets Objective: To achieve and maintain appropriate protection of organizational assets. A.7.1.1 Inventory of assets Control All assets shall be clearly identified and an inventory of all important assets drawn up and maintained. A.7.1.2 Ownership of assets Control All information and assets associated with information processing facilities shall be ‘owned’ by a designated part of the organization. A.7.1.3 Acceptable use of assets Control Rules for the acceptable…

ISO 27001 Control A.6

A.6 Organization of information security A.6.1 Internal organization Objective: To manage information security within the organization. A.6.1.1 Management commitment to information security Control Management shall actively support security within the organization through clear direction, demonstrated commitment, explicit assignment, and acknowledgment of information security responsibilities. A.6.1.2 Information security coordination Control Information security activities shall be co-ordinated by representatives from different parts of the organization with relevant roles and job functions. A.6.1.3…

How GRC solutions help companies meet GDPR requirements

In May 2018, companies raced to the finish line to achieve GDPR compliance. Given that it was the first year of GDPR, many industry experts expected not to see any companies fined. That is all going to change in the year ahead. In January 2019, Google was hit with the first major GDPR fine of $57 million, putting an end to the unspoken grace period. Companies should recognize this…

ISO 27001 Control A.5

A.5 Security Policies A.5.1 Information Security Policy To provide management direction and support for information security in accordance with business requirements and relevant laws and regulations. A.5.1.1 Information Security Policy Document A set of policies must be defined, approved by management, published and communicated to employees and relevant external parties. The policies must be led by business needs, alongside the applicable regulations and legislation affecting the organisation too. These policies need…

Blockchain and whistleblowers

A whistleblower is a person who comes forward and shares his/her knowledge of any wrongdoing that he/she believes is happening in the organisation as a whole or in a specific department. A whistleblower could be an employee, contractor, or supplier who becomes aware of illegal activities. To protect whistleblowers from losing their jobs or being mistreated, there are specific laws. Most companies have a separate policy which clearly states how…