Posts by Rick Herman

Howard and Jim chat about the integration of an ISO 27001 into an existing ISO 9001 QMS. Points discussed include: ISO 9001 Quality Management Standard is the most prevalent in the world. It's been around since 1987 and there are over 2 million ...

Howard and Jim chat about the ISO 27001:2022 - Statement of Applicability (SoA) Items discussed include: The Statement of Applicability is required for ISO 27001 certification. It’s a statement that explains which Annex A security controls are — or aren’t — applicable to ...

Howard and Jim chat about ISO 27007 - Guidance for Information Security Management Systems Auditing. Items discussed include: Plan - Do - Check - Act  Approach. Getting clients to ask their auditees if the procedure, the way it's been implemented, is getting them ...

Howard and Jim chat about ISO 27005 - Managing Information Security Risks in this episode of the ISO Review Podcast. Items discussed include: Plan - Do - Check - Act  Approach Identify the risk Analyze  the naure and level of the risk Evaluate ...

Howard and Jim review ISO 27002 - Security Techniques in this episode of the ISO Review Podcast. Items discussed include: Information security, cybersecurity and privacy protection — Information security controls Scope Normative References Terms, definitions, and abbreviated terms Structure of the Document Organizational ...

In this episode, Howard and Jim review the changes in ISO 27001:2022, Information Security Management Systems Requirements Items discussed include: ISO 27001 - Information Security Management System was the pioneer in what was first known as the High Level Structure,  is now called the ...

Guidance for Improving your Internal Audits For an Information Security Management System In this episode, Howard and Jim discuss, Guidance for Improving your Internal Audits for an Information Security Management System. Highlights include: Does the information security auditor have the proper security clearance to access ...

What You Need To Know to Become a Certified ISO Management System Professional In this episode, Howard and Jim discuss, What You Need To Know to Become a Certified ISO Management System Professional. Items highlighted include: MSP Course #1 – ISO 9004:2018 – Sustainable Success ...

Your Path to Become a Certified Lead Auditor In this episode, Howard and Jim discuss the path to become a Certified Lead Auditor. Points Covered How to become a Certified Lead Auditor. Who is the body that certifies lead auditors. What are the courses ...

ISO 27001 - Auditing an Information Security Management System: What Specific Guidance is Available? In this episode, Howard and Jim continue their conversation about ISO 27001, Information Security Management System (ISMS) to Manage Cyber Attacks, and unpack what specific guidance is available on how ...