Posts by Rick Herman

Howard and Jim chat about ISO/IEC TS 27008:2019 - Guidelines for the Assessment of Information Security Controls. Points discussed include: How do the ISO 27008 and ISO 27001 standards work together to enhance information security within organizations? Why is it important for organizations ...

Howard and Jim chat about "Additional Observations and Benefits of Integrating an ISO 27001 Into an Existing ISO 9001 Quality Management System." Points discussed include:  How can integrating ISO 27001 into an existing ISO 9001 system benefit an organization? What are the key ...

Howard and Jim chat about  ISO 27036-2, Clause 7.5 - Supplier Termination Process. Points discussed include:  How important is it for organizations of all sizes to prioritize information security?  What are some challenges organizations face when it comes to supplier relationship termination?  How ...

Howard and Jim chat about  ISO 27036-2, Clause 7.4 - Supplier Relationship Management Process. Points discussed include:  The importance for organizations to have a process for managing supplier relationships in terms of information security.  The potential risks or vulnerabilities that organizations may face ...

Howard and Jim chat about  ISO 27036-2, Clause 7.3 - Supplier Relationship Agreement Process. Points discussed include:  How important it is for businesses to have supplier contracts that address information security?  The key elements that should be included in an agreement to ensure ...

Howard and Jim chat about  ISO 27036-2, Clause 7.2 - Supplier Selection Process. Points discussed include:  How can organizations effectively plan their supplier relationships to mitigate information security risks?  What are some real-life examples of information security breaches and their impact on organizations? ...

Howard and Jim chat about  ISO 27036-2, Clause 7.1 - Supplier Relationship Planning Process. Points discussed include:  How do the ISO 27036 standards help protect against potential risks and ensure personal safety?  What are some potential legal and regulatory issues that suppliers should ...

Howard and Jim chat about  ISO 27036 Part 2 - Clause 6 - Information security in supplier relationship management Points discussed include:  How does the ISO Review podcast contribute to the understanding and implementation of ISO standards in various industries?  What are some ...

Howard and Jim chat about  ISO 27036 Part I - Protecting Your Data: Overview of Understanding the Risks and Best Practices Guidance for Supplier Relationships. Points discussed include:  Why is due diligence important when choosing suppliers?  Why it's important to evaluate the security ...

Howard and Jim chat about  ISO 27008 Guidelines for Assessing Annex A Controls. Points discussed include:  How many controls are required in ISO 27008?  What are the seven steps outlined in ISO 27008 for measuring and assessing controls?  How can ISO 27008 help ...