The ISO Review Podcast

Jim

The ISO Review Podcast is a production of SimplifyISO. In each episode, we share the latest international standards developments, and the podcast is your resource for getting the most out of your management systems. Your podcast hosts are Howard Fox & Jim Moran. Howard is a Business Coach and Host of the Success InSight Podcast. Jim is an ISO Management System Professional, celebrating 30-plus years delivering ISO support.

Episodes

ISO/IEC TS 27008:2019 - Assessing Information Security Controls - Clauses 7.4.1 - 7.4.3
Apr 16 2024

Howard and Jim chat about ISO/IEC TS 27008:2019 - Assessing Information Security Controls, Testing and Validation Techniques - Clauses 7.4.1 - 7.4.3.

POINTS DISCUSSED
- Introduction and Context
- Testing Techniques for ISO 27001 Systems
- Testing and Validation Techniques - Clause 7.4
- The Importance of Information Security Testing
- Blind Testing & Double Blind Testing
- Preparations an auditor makes prior to conducting any form of testing on an information security management

LEARN MORE
Click here to try Conformance1's free online ISO 27001 Gap Checklist.

UPCOMING EPISODES
Howard and Jim continue to deep dive into ISO/IEC TS 27008:2019 - Testing and Validation Techniques - Clauses 7.4.4 - 7.4.7.

NEXT STEPS
Please follow us on your preferred podcast directory. We appreciate your likes, comments, and shares.
Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other requirements that you have to meet.
Click here to visit the International Management System Institute website, and learn about how and why you should consider becoming a Certified ISO Management System Professional.
Learn more about Jim on LinkedIn & YouTube
LinkedIn
LinkedIn Articles
YouTube
Book Recommendations:
Turn the Ship Around!: A True Story of Turning Followers into Leaders by L. David Marquet
The Checklist Manifesto: How to Get Things Right by Atul Gawande
Learn more about Howard
Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.
Keywords
ISO, ISO 27008, Information Security Management Systems, Risk Management, Testing and Validation Techniques, ISO Review Podcast, Jim Moran, Howard Fox
#ISO27001 #ISO27008 #InformationSecurityManagementSystems #RiskManagement #TestingAndValidationTechniques #ISOReviewPodcast

ISO/IEC TS 27008:2019 - Review Methods, Overview, and Process Analysis - Clauses 7.1-7.3
Apr 2 2024

Howard and Jim chat about ISO/IEC TS 27008:2019 - Review Methods, Overview, and Process Analysis - Clauses 7.1-7.3.

POINTS DISCUSSED
- What are the key takeaways from Jim's explanation of ISO 27008 and the review methods overview and process analysis discussed in the episode?
- How do you think the use of flowcharts to document procedures and audit controls can benefit organizations in assessing their security controls as per ISO standards?
- What are some effective communication skills that an auditor should possess when reviewing controls, and why are these skills crucial for the auditing process?
- In the context of information security controls, what are your thoughts on the importance of testing and validation techniques in ensuring the effectiveness of controls without risking the security of the system?
- How can the analysis of processes and activities help organizations in managing risks and finding ways to improve their control systems as per ISO 27001?
- Jim mentioned the importance of reviewing mechanisms, system operations, administrative processes, and physical security measures. How can organizations ensure comprehensive assessment of these aspects while adhering to ISO standards?
- The episode discussed the need to obtain verifiable evidence through interviews, inspections, observations, and analysis. In your opinion, what are some effective ways to gather such evidence during an audit?

LEARN MORE
Click here to try Conformance1's free online ISO 27001 Gap Checklist.

UPCOMING EPISODES
Howard and Jim continue to deep dive into ISO/IEC TS 27008:2019 - Review Methods: General, Blind testing and Double blind testing - Clauses 7.4.1 - 7.4.3.

NEXT STEPS
Please follow us on your preferred podcast directory. We appreciate your likes, comments, and shares.
Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other requirements that you have to meet.
Click here to visit the International Management System Institute website, and learn about how and why you should consider becoming a Certified ISO Management System Professional.
Learn more about Jim on LinkedIn & YouTube
LinkedIn
LinkedIn Articles
YouTube
Book Recommendations:
Turn the Ship Around!: A True Story of Turning Followers into Leaders by L. David Marquet
The Checklist Manifesto: How to Get Things Right by Atul Gawande
Learn more about Howard
Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.
Keywords
ISO, ISO 27008, Information Security Management Systems, Risk Management, ISO Review Podcast, Jim Moran
#ISO27001 #ISO27008 #InformationSecurityManagementSystems #RiskManagement #ISOReviewPodcast
Note: As an Amazon Associate, we earn from qualifying purchases.

Guidelines For The Assessment of Information Security Controls - Clause 6.2 Resourcing and Competence
Mar 12 2024

Howard and Jim chat about ISO/IEC TS 27008:2019 - Guidelines for the assessment of Information Security Controls - Clause 6.2 Resourcing and Competence.

POINTS DISCUSSED
- What are the key takeaways from the discussion on clause 6.2, resourcing and competence?
- How does this standard help organizations to assess the effectiveness of their information security controls?
- What are the skills and competencies required for information security auditors to conduct effective control assessments?
- How do phishing attacks and social engineering tactics put organizations at risk, and what measures can be taken to mitigate these risks?
- What were the main points in the discussion about the importance of thorough assessment and the need for adequate time to conduct these assessments?
- How do ISO standards like 27001, 27002, 27005, 27007, and 27008 contribute to the overall management of information security in an organization?
- What are the potential risks and benefits of engaging subject matter experts in information security auditing?
- How can organizations work towards continuous improvement in their information security management system through regular audits and training?

LEARN MORE
Click here to try Conformance1's free online ISO 27001 Gap Checklist.

UPCOMING EPISODE
Howard and Jim deep dive into ISO/IEC TS 27008:2019 - Review Methods, Overview and Process Analysis - Clause 7.1-7.2.

NEXT STEPS
If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share this episode with anyone who might benefit from learning about this topic.
Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other requirements that you have to meet.
Click here to visit the International Management System Institute website, and learn about how and why you should consider becoming a Certified ISO Management System Professional.
Learn more about Jim on LinkedIn & YouTube
LinkedIn
LinkedIn Articles
YouTube
Book Recommendations:
Turn the Ship Around!: A True Story of Turning Followers into Leaders by L. David Marquet
The Checklist Manifesto: How to Get Things Right by Atul Gawande
Learn more about Howard
Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.
Keywords
Jim Moran, Simplify ISO, ISO, ISO 27008, Information Security Management Systems, Risk Management, ISO Review Podcast, Howard Fox
#ISO27001 #ISO27008 #InformationSecurityManagementSystems #RiskManagement #ISOReviewPodcast
Note: As an Amazon Associate, we earn from qualifying purchases.

ISO/IEC TS 27008:2019 - Overview of Information Security Control Assessments - Clauses 6.1.4 - 6.1.5
Feb 27 2024

Howard and Jim chat about ISO/IEC TS 27008:2019 - Overview of Information Security Control Assessments - Clauses 6.1.4 - 6.1.5.

POINTS DISCUSSED
- How does the process of obtaining permission to access all areas and controls play into the effectiveness of an information security audit?
- Why is it crucial for auditors to create a review checklist, and what should typically be included in this checklist?
- In what ways do discussions with employees provide valuable insights into the efficacy of the information security management system?
- How do auditors provide "reasonable assurance" about the achievement of information security goals?
- How can organizations strike a balance between accepting a certain level of risk and ensuring adequate backup and protection to counter threats?
- What are some of the latest trends in risk-based approaches to information security that organizations need to stay abreast of?
- The importance of objective analysis and professional reporting during the audit, and what makes an auditor skilled in this aspect.
- What are the main challenges when ensuring that all employees understand and follow the established policies and procedures?
- What resources and training should organizations prioritize to equip their teams for effective information security management?

LEARN MORE
Click here to try Conformance1's free online ISO 27001 Gap Checklist.

UPCOMING EPISODE
Howard and Jim deep dive into ISO/IEC TS 27008:2019 - Guidelines for the assessment of Information Security Controls - Clause 6.2, Resourcing and Competence.

NEXT STEPS
Please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share this episode with anyone who might benefit from learning about this topic.
Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other requirements that you have to meet.
Click here to visit the International Management System Institute website, and learn about how and why you should consider becoming a Certified ISO Management System Professional.
Learn more about Jim on LinkedIn & YouTube
LinkedIn
LinkedIn Articles
YouTube
Book Recommendations:
Turn the Ship Around!: A True Story of Turning Followers into Leaders by L. David Marquet
The Checklist Manifesto: How to Get Things Right by Atul Gawande
Learn more about Howard
Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.
Keywords
ISO, ISO 27008, Information Security Management Systems, Risk Management, ISO Review Podcast
#ISO27001 #ISO27008 #InformationSecurityManagementSystems #RiskManagement #ISOReviewPodcast
Note: As an Amazon Associate, we earn from qualifying purchases.

ISO/IEC TS 27008:2019 - Overview of Information Security Control Assessments - Clauses 6.1.1 - 6.1.3
Feb 13 2024

Howard and Jim chat about ISO/IEC TS 27008:2019 - Overview of Information Security Control Assessments - Clauses 6.1.1 - 6.1.3.

POINTS DISCUSSED
- What strategies can organizations employ to ensure that their procedures are not only being followed but are also working efficiently and effectively?
- How do supply chain contracts affect information security activities, and what role does software play in managing these changes?
- What are some of the risks involved with updates and changes in software, and how can planning and risk assessment help minimize those risks?
- In the development of checklists for ISO standard compliance, what elements are crucial to include for proper evidence verification and results recording?
- The importance of auditor preparedness, and how an auditor can prepare for assessing information security controls.
- How an understanding of business process interconnectivity within the supply chain enhances an auditor's ability to assess information security controls.
- Recommended resources for auditors and other professionals to stay informed about technical security standards and best practices.
- The role of third-party tests and assessments in the overall audit process, and how companies should approach integrating these findings into their information security framework.

LEARN MORE
Click here to try Conformance1's free online ISO 27001 Gap Checklist.

UPCOMING EPISODE
Howard and Jim deep dive into ISO/IEC TS 27008:2019 - Guidelines for the Assessment of Information Security Controls - Clause 6, Part II.

NEXT STEPS
If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share this episode with anyone who might benefit from learning about this topic.
Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other requirements that you have to meet.
Click here to visit the International Management System Institute website, and learn about how and why you should consider becoming a Certified ISO Management System Professional.
Learn more about Jim on LinkedIn & YouTube
LinkedIn
LinkedIn Articles
YouTube
Book Recommendations:
Turn the Ship Around!: A True Story of Turning Followers into Leaders by L. David Marquet
The Checklist Manifesto: How to Get Things Right by Atul Gawande
Learn more about Howard
Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.
Keywords
ISO, ISO 27008, Information Security Management Systems, Risk Management, ISO Review Podcast
#ISO27001 #ISO27008 #InformationSecurityManagementSystems #RiskManagement #ISOReviewPodcast
Note: As an Amazon Associate, we earn from qualifying purchases.

ISO/IEC TS 27008:2019 - Guidelines for the Assessment of Information Security Controls - Clause 5_Background
Jan 30 2024

Howard and Jim chat about ISO/IEC TS 27008:2019 - Guidelines for the Assessment of Information Security Controls - Clause 5_Background.

POINTS DISCUSSED
- What are the key takeaways from the discussion on ISO 27008 and its significance for organizations in terms of information security controls and guidelines?
- How do information security controls play a vital role in managing unacceptable risks and promoting effective implementation within organizations, as outlined in the episode?
- What were the technical assessment aspects clarified in the episode, especially concerning the assessment of organizational controls, people controls, physical controls, and technological controls?
- How does the discussion emphasize the importance of maintaining and improving information security controls and the potential impact of internal and external factors on control effectiveness?
- In what ways can ISO 27008 and its application help organizations identify potential problems and shortfalls in control implementations, leading to improved risk mitigation and decision-making processes?
- How did the episode shed light on the role of audits and the necessity for objectivity in assessing the compliance and effectiveness of information security controls within the ISO 27008 framework?
- What are the potential benefits and implications for organizations in terms of stakeholder confidence, regulatory compliance, and management decisions, resulting from the effective implementation and assessment of information security controls?
- How does the episode set the stage for the upcoming discussions on clauses 6, 7, and 8, along with the various annexes?

LEARN MORE
Click here to try Conformance1's free online ISO 27001 Gap Checklist.

UPCOMING EPISODE
Howard and Jim deep dive into ISO/IEC TS 27008:2019 - Guidelines for the Assessment of Information Security Controls - Clause 6, Part I.

NEXT STEPS
If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share this episode with anyone who might benefit from learning about this topic.
Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other requirements that you have to meet.
Click here to visit the International Management System Institute website, and learn about how and why you should consider becoming a Certified ISO Management System Professional.
Learn more about Jim on LinkedIn & YouTube
LinkedIn
LinkedIn Articles
YouTube
Learn more about Howard
Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.
Keywords
ISO, ISO 27008, Information Security Management Systems, Risk Management, Artificial Intelligence, ISO Review Podcast
#ISO27001 #ISO27008 #InformationSecurityManagementSystems #RiskManagement #ISOReviewPodcast

ISO/IEC TS 27008:2019 - Guidelines for the Assessment of Information Security Controls
Dec 5 2023

Howard and Jim chat about ISO/IEC TS 27008:2019 - Guidelines for the Assessment of Information Security Controls.

Points discussed include:
- How do the ISO 27008 and ISO 27001 standards work together to enhance information security within organizations?
- Why is it important for organizations to have good monitoring systems in place, and what are some key considerations for setting up effective monitoring?
- What are the controls outlined in ISO 27008, and how do they contribute to improving risk management and stakeholder approval?
- In what ways can artificial intelligence be utilized to identify risks and enhance the monitoring of information security controls within organizations?
- How does the ISO 27008 standard contribute to providing assurance to stakeholders such as customers, partners, and regulatory bodies regarding an organization's robust information security management process?
- How can organizations effectively integrate the assessment of controls outlined in ISO 27008 with other ISO standards, such as ISO 27001 and ISO 27002?
- What role do people and training play in maintaining the security of information within organizations?
- What are some best practices for conducting internal audits to assess the effectiveness of Annex A controls, risk management, and improvement opportunities within an organization's information security management system?

Complimentary ISO Resources
Click here to try Conformance1's free online ISO 27001 Gap Checklist.

Upcoming Episode
Howard and Jim deep dive into Information Security Controls, ISO/IEC TS 27008:2019.

Next Steps
If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share this episode with anyone who might benefit from learning about this topic.
Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other requirements that you have to meet.
Click here to visit the International Management System Institute website so that you can learn about how and why you should consider becoming a Certified ISO Management System Professional.
Learn more about Jim on LinkedIn & YouTube
LinkedIn
LinkedIn Articles:
YouTube
Learn more about Howard
Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.
Keywords
ISO, ISO 27001, ISO 27008, Information Security Management Systems, Risk Management, Artificial Intelligence, AI, Podcast Interview
#ISO27001 #ISO27008 #InformationSecurityManagementSystems #RiskManagement #ArtificialIntelligence #AI #PodcastInterview

Additional Observations and Benefits of Integrating an ISO 27001 Into an Existing ISO 9001 Quality Management System
Nov 21 2023

Howard and Jim chat about "Additional Observations and Benefits of Integrating an ISO 27001 Into an Existing ISO 9001 Quality Management System."

Points discussed include:
- How can integrating ISO 27001 into an existing ISO 9001 system benefit an organization?
- What are the key differences between ISO 9001 and ISO 27001 in terms of structure and requirements?
- How can organizations effectively identify and assess information security risks according to ISO 27001?
- What role does leadership play in implementing and maintaining an effective information security management system?
- How can organizations ensure that all employees are fully aware of their impact on information security within the organization?
- What are some potential weaknesses in communication with suppliers that may pose a risk to information security?
- How can organizations utilize visual representations, such as flowcharts, to enhance their management systems?
- What are some best practices for conducting internal audits that address the requirements of ISO 27001?
- How does ISO 27001 emphasize the need for continual improvement in information security management?
- What additional controls and requirements does ISO 27001's Annex A introduce, and how can organizations effectively implement them?

Complimentary ISO Resources
Click here to try Conformance1's free online ISO 27001 Gap Checklist.

Upcoming Episode
Howard and Jim chat about the Guidelines for the Assessment of Information Security Controls, ISO IEC TS 27008:2019.

Next Steps
If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share this episode with anyone who might benefit from learning about this topic.
Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other requirements that you have to meet.
Click here to visit the International Management System Institute website so that you can learn about how and why you should consider becoming a Certified ISO Management System Professional.
Learn more about Jim on LinkedIn & YouTube
LinkedIn
LinkedIn Articles:
YouTube
Learn more about Howard
Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.
Connect with Howard on LinkedIn.
Keywords
#ISO #ISO27001 #ISO27001Certification #ISO27001Integration #InformationSecurityManagementSystems

Information Security in Supplier Contracts: ISO 27036 Part 2, Clause 7.5 - Supplier Termination Process
Oct 31 2023

Howard and Jim chat about ISO 27036-2, Clause 7.5 - Supplier Termination Process.

Points discussed include:
- How important is it for organizations of all sizes to prioritize information security?
- What are some challenges organizations face when it comes to supplier relationship termination?
- How can ISO standards help organizations in managing their supplier relationships and information security?
- What are some potential risks or consequences of not properly terminating a supplier relationship?
- How can organizations ensure a smooth and secure transition when terminating a supplier relationship?
- What role does communication play in the supplier termination process, particularly in terms of information security?
- What are some best practices for creating a termination plan within a supplier agreement?
- How can organizations protect their information and intellectual property during and after a supplier relationship termination?
- What steps should organizations take to ensure legal and regulatory compliance during the supplier termination process?
- How can organizations evaluate the effectiveness of their supplier termination process in terms of information security?

Complimentary ISO Resources
Click here to try Conformance1's free online ISO 27001 Gap Checklist.

Next Steps
If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share this episode with anyone who might benefit from learning about this topic.
Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other requirements that you have to meet.
Click here to visit the International Management System Institute website so that you can learn about how and why you should consider becoming a Certified ISO Management System Professional.
Learn more about Jim on LinkedIn & YouTube
LinkedIn
LinkedIn Articles:
YouTube
Learn more about Howard
Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.
Connect with Howard on LinkedIn.
Keywords
#ISO #ISO27001 #ISO27001Certification #InformationSecurityManagementSystems #SupplierRelationshipTerminationProcess

Information Security in Supplier Contracts: ISO 27036 Part 2, Clause 7.4 - Supplier Relationship Management Process
Oct 17 2023

Howard and Jim chat about ISO 27036-2, Clause 7.4 - Supplier Relationship Management Process.

Points discussed include:
- The importance for organizations to have a process for managing supplier relationships in terms of information security.
- The potential risks or vulnerabilities that organizations may face when it comes to information security in the supply chain.
- What organizations can do to ensure that their suppliers are meeting the information security requirements stated in the contract.
- The role communication plays in ensuring successful supplier relationship management in terms of information security.
- The ways organizations can effectively monitor and enforce compliance with information security requirements in the supplier relationship.
- Key considerations for organizations when transitioning from one supplier to another in terms of information security.
- What organizations can do to mitigate the risks associated with information security during the transition to a new supplier.
- The steps organizations can take to train their employees on information security requirements in the supplier relationship.
- The potential challenges or obstacles that organizations may face when managing supplier relationships in terms of information security.
- What steps can organizations take to prepare for and respond to situations where information security issues arise in the supplier relationship?

Complimentary ISO Resources
Click here to try Conformance 1's free online ISO 27001 Gap Checklist.

Upcoming Episodes
Howard and Jim chat about: ISO 27036-2 Supplier Relationship Requirements - Clause 7.5 - Supplier Relationship Termination Process

Next Steps
If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share this episode with anyone who might benefit from learning about this topic.
Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other requirements that you have to meet.
Click here to visit the International Management System Institute website so that you can learn about how and why you should consider becoming a Certified ISO Management System Professional.
Learn more about Jim on LinkedIn & YouTube
LinkedIn
LinkedIn Articles:
YouTube
Learn more about Howard
Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.
Keywords
#ISO #ISO27001 #ISO27001Certification #InformationSecurityManagementSystems #SupplierRelationshipAgreement

Information Security in Supplier Contracts: ISO 27036 Part 2, Clause 7.3 - Supplier Relationship Agreement
Oct 3 2023

Howard and Jim chat about ISO 27036-2, Clause 7.3 - Supplier Relationship Agreement Process.

Points discussed include:
- How important it is for businesses to have supplier contracts that address information security.
- The key elements that should be included in an agreement to ensure information security.
- How can businesses effectively measure their suppliers' compliance with information security requirements?
- What role does change management play in supplier agreements and information security?
- How can businesses ensure a smooth transition with their suppliers when it comes to information security?
- The potential risks and challenges businesses face when it comes to maintaining information security in the supply chain.
- How businesses can effectively monitor and enforce their suppliers' compliance with information security standards.
- The criteria businesses should use when selecting suppliers for information security purposes.
- The measures businesses can take to protect sensitive information during and after the termination of a supplier agreement.
- Industry-specific considerations or regulations that businesses should be aware of when it comes to information security in the supply chain.

Complimentary ISO Resources
Click here to try Conformance 1's free online ISO 27001 Gap Checklist.

Upcoming Episodes
Howard and Jim chat about:
ISO 27036-2 Supplier Relationship Requirements - Clause 7.4 - Supplier Relationship Management Process
ISO 27036-2 Supplier Relationship Requirements - Clause 7.5 - Supplier Relationship Termination Process

Next Steps
If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share this episode with anyone who might benefit from learning about this topic.
Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other requirements that you have to meet.
Click here to visit the International Management System Institute website so that you can learn about how and why you should consider becoming a Certified ISO Management System Professional.
Learn more about Jim on LinkedIn & YouTube
LinkedIn
LinkedIn Articles:
YouTube
Learn more about Howard
Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.
Keywords
#ISO #ISO27001 #ISO27001Certification #InformationSecurityManagementSystems #SupplierRelationshipAgreement

Cybersecurity in Supplier Relationships: ISO 27036 Part 2, Clause 7.2 - Supplier Selection Process
Sep 19 2023

Howard and Jim chat about ISO 27036-2, Clause 7.2 - Supplier Selection Process.

Points discussed include:
- How can organizations effectively plan their supplier relationships to mitigate information security risks?
- What are some real-life examples of information security breaches and their impact on organizations?
- Why is it important for organizations to communicate the importance of information security to all employees, and how can top management lead by example?
- What are some key elements that should be included in a supplier relationship plan to ensure information security?
- How can organizations assess and manage risks in their relationships with suppliers?
- Why is it impossible to eliminate all information security risks, and how can organizations determine acceptable levels of risk?
- What role does legal and regulatory compliance play in supplier relationship planning for information security?
- How can organizations ensure that their suppliers are complying with information security requirements and addressing potential risks?
- What are some considerations for evaluating new suppliers in terms of their information security impact?
- Why is it important to continually maintain and update information security measures in an organization?

Complimentary ISO Resources
Click here to try the online ISO 27001 Gap Checklist.

Upcoming Episodes
Howard and Jim chat about:
ISO 27036-2 Supplier Relationship Requirements - Clause 7.3 - Supplier Relationship Agreement
ISO 27036-2 Supplier Relationship Requirements - Clause 7.4 - Supplier Relationship Management Process
ISO 27036-2 Supplier Relationship Requirements - Clause 7.5 - Supplier Relationship Termination Process

Next Steps
If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share this episode with anyone who might benefit from learning about this topic.
Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other requirements that you have to meet.
Click here to visit the International Management System Institute website so that you can learn about how and why you should consider becoming a Certified ISO Management System Professional.
Learn more about Jim on LinkedIn & YouTube
LinkedIn
LinkedIn Articles:
YouTube
Learn more about Howard
Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.
Keywords
#ISO #ISO27001 #ISO27001Certification #InformationSecurityManagementSystems #I
Cybersecurity in Supplier Relationships: ISO 27036 Part 2, Clause 7.1 Supplier Relationship Planning Process
Aug 29 2023
Howard and Jim chat about ISO 27036-2, Clause 7.1 - Supplier Relationship Planning Process.

Points discussed include:
How do the ISO 27036 standards help protect against potential risks and ensure personal safety?
What are some potential legal and regulatory issues that suppliers should be aware of in relation to information security impacts?
Why is it important for requirements and agreements with suppliers to be strongly worded and clearly labeled as "shall"?
What are real-life examples where a breach in information security had devastating effects on a company's asset value or credibility?
What are some challenges in protecting against breaches and maintaining information security measures in organizations?
What steps should companies take to address information security concerns proactively, rather than waiting for clients to request it?
What are some key steps individuals can take to maintain cybersecurity in their supply chain?

Complimentary ISO Resources
Click here to obtain your copy of the ISO 27001 Gap Checklist.

Upcoming Episodes
Howard and Jim chat about:
ISO 27036-2 Supplier Relationship Requirements - Clause 7.2 - Supplier Selection Process
ISO 27036-2 Supplier Relationship Requirements - Clause 7.3 - Supplier Relationship Agreement
ISO 27036-2 Supplier Relationship Requirements - Clause 7.4 - Supplier Relationship Management Process
ISO 27036-2 Supplier Relationship Requirements - Clause 7.5 - Supplier Relationship Termination Process

Next Steps
If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share the episode with anyone who might benefit from learning about this topic.
Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other ISO requirements that you have to meet.
Click here to visit the International Management System Institute website so that you can learn about how and why you should consider becoming a Certified ISO Management System Professional.

Learn more about Jim on LinkedIn & YouTube
LinkedIn
LinkedIn Articles
YouTube

Learn more about Howard
Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

Keywords
#ISO #ISO27001 #ISO27001Certification #InformationSecurityManagementSystems #ISO27036
ISO 27036 Part 2 - Clause 6 Unpacked: Information security in supplier relationship management
Aug 15 2023
Howard and Jim chat about ISO 27036 Part 2 - Clause 6 - Information security in supplier relationship management.

Points discussed include:
How does the ISO Review podcast contribute to the understanding and implementation of ISO standards in various industries?
What are some practical steps that companies can take to ensure information security in supplier relationships?
How has the globalized supply chain impacted the security of information and data?
Why is it important for businesses to prioritize quality assurance processes and follow Mr. Deming's principles?
In what ways can hardware and software work together to enhance information security and ensure smooth operations?
How can businesses effectively assess and manage the risks associated with information security in the supply chain?
What role does project management play in the acquisition process and information security management?
How do the principles outlined in ISO 27036 Part 2 align with the practice of continuous improvement in business processes?
What are some common challenges and pitfalls that companies face when implementing information security measures in supplier relationships?
What resources or tools are available to businesses that want to learn more and improve their understanding of ISO standards and information security practices?

Complimentary ISO Resources
Click here to obtain your copy of the ISO 27001 Gap Checklist.

On Our Next Episodes
Howard and Jim chat about ISO 27036 Part 2 - Clause 7 - Information security in a supplier relationship example.

Next Steps
If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share the episode with anyone who might benefit from learning about this topic.
Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other ISO requirements that you have to meet.
Click here to visit the International Management System Institute website so that you can learn about how and why you should consider becoming a Certified ISO Management System Professional.

Learn more about Jim on LinkedIn & YouTube
LinkedIn
LinkedIn Articles
YouTube

Learn more about Howard
Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

Keywords
#ISO #ISO27001 #ISO27001Certification #InformationSecurityManagementSystems #AnnexA #RiskAssessment
Protecting Your Data: ISO 27036-1: Overview of Risks and Best Practices - Guidance for Supplier Relationships
Aug 1 2023
Howard and Jim chat about ISO 27036 Part 1 - Protecting Your Data: Overview of Understanding the Risks and Best Practices Guidance for Supplier Relationships.

Points discussed include:
Why is due diligence important when choosing suppliers?
Why it is important to evaluate the security practices and capabilities of suppliers to make sure that they meet your information security requirements.
What are the key factors to consider when evaluating supplier relationships for information security practices and capabilities?
Why you need to have processes to manage the information security risks of interacting with your suppliers.
Why you need to create a culture of information security awareness, making sure that every day, every single person in your organization is thinking about information security all day long!

On Our Next Episodes
Howard and Jim chat about ISO 27036-2 - Requirements for Information Security in your Supplier Relationships.

Next Steps
If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share the episode with anyone who might benefit from learning about this topic.
Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other ISO requirements that you have to meet.
Click here to visit the International Management System Institute website so that you can learn about how and why you should consider becoming a Certified ISO Management System Professional.
Click here to learn more about the ISO 27001 Gap Checklist.

Learn more about Jim on LinkedIn & YouTube
LinkedIn
LinkedIn Articles
YouTube

Learn more about Howard
Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

Keywords
#ISO #ISO27001 #ISO27001Certification #InformationSecurityManagementSystems #AnnexA #RiskAssessment #ISOHarmonizedStructure #StatementofApplicability #InternationalStandardsDevelopmen #SimplifyISO #ISO27001:2022 #ISO27008
ISO 27008 Guidelines for Assessing Annex A Controls
Jul 18 2023
Howard and Jim chat about ISO 27008 Guidelines for Assessing Annex A Controls.

Points discussed include:
How many controls are required in ISO 27008?
What are the seven steps outlined in ISO 27008 for measuring and assessing controls?
How can ISO 27008 help organizations improve information security?
What is the significance of continual improvement in information security controls?

On Our Next Episodes
Howard and Jim chat about ISO 27036-1 Overview & Concepts related to your Supplier Relationships.

Next Steps
If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share the episode with anyone who might benefit from learning about this topic.
Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other ISO requirements that you have to meet.
Click here to visit the International Management System Institute website so that you can learn about how and why you should consider becoming a Certified ISO Management System Professional.
Click here to learn more about the ISO 27001 Gap Checklist.

Learn more about Jim on LinkedIn & YouTube
LinkedIn
LinkedIn Articles
YouTube

Learn more about Howard
Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

Keywords
#ISO #ISO27001 #ISO27001Certification #InformationSecurityManagementSystems #AnnexA #RiskAssessment #ISOHarmonizedStructure #StatementofApplicability #InternationalStandardsDevelopmen #SimplifyISO #ISO27001:2022 #ISO27008
Competence Requirements For Information Security Management Systems Professionals
Jun 27 2023
Howard and Jim chat about Competence Requirements For Information Security Management Systems Professionals.

Points discussed include:
What is the importance of communication and documentation in auditing firms for ISMS professionals?
How can auditors prepare for an audit, and what information should they request from the organizations being audited?
What ethics are involved in auditing, and what is the importance of ethics in firms and individuals who perform tasks in companies?
What are some qualifications that ISMS professionals need to have in order to become auditors?
What are some key attributes and skills that auditors need to have in order to perform their job responsively and ethically?
What are some of the challenges that auditors may face in conducting an objective and fair audit, and how can they overcome these challenges?
Where can listeners go to learn more about ISO auditing and the topics discussed in this podcast episode?

On Our Next Episode
Howard and Jim chat about ISO 27008 Guidelines for Auditing Annex A Controls.

Next Steps
If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share the episode with anyone who might benefit from learning about this topic.
Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other ISO requirements that you have to meet.
Click here to visit the International Management System Institute website so that you can learn about how and why you should consider becoming a Certified ISO Management System Professional.
Click here to learn more about the ISO 27001 Gap Checklist.

Learn more about Jim on LinkedIn & YouTube
LinkedIn
LinkedIn Articles
YouTube

Learn more about Howard
Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

Keywords
#ISO #ISO27001 #ISO27001Certification #Registrars #ITProjects #InformationSecurityManagementSystems #AnnexA #RiskAssessment #ISOHarmonizedStructure #StatementofApplicability #InternationalStandardsDevelopmen #SimplifyISO #ISO27001:2022 #AnnexA
Achieving ISO 27001 Certification: The Path to Success
Jun 13 2023
Howard and Jim chat about the Path to ISO 27001 Certification.

Points discussed include:
What is ISO 27001, and why do some organizations need certification in it?
Do most organizations need to be certified in ISO 27001 to bid on projects in the future?
What is the process for achieving ISO 27001 certification?
Why is formalizing and structuring information management important for organizations?
What are the risks if an organization buys pre-created or pre-crafted procedures or documentation for ISO 27001 certification?
What are the ISO 27001 certification path scenarios where an organization has no ISO certification, and where an organization is already certified to another ISO standard?
How long does it take to complete the statement of applicability for an ISO 27001 system?
Is there help available for organizations to implement ISO 27001?

On Our Next Episode
Competence Requirements for Information Security Management Systems Professionals.

Next Steps
If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share the episode with anyone who might benefit from learning about this topic.
Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other ISO requirements that you have to meet.
Click here to visit the International Management System Institute website so that you can learn about how and why you should consider becoming a Certified ISO Management System Professional.
Click here to learn more about the ISO 27001 Gap Checklist.

Learn more about Jim on LinkedIn & YouTube
LinkedIn: https://www.linkedin.com/in/simplifyiso/
LinkedIn Articles: https://www.linkedin.com/in/simplifyiso/detail/recent-activity/posts/
YouTube: https://www.youtube.com/channel/UCrt2Hgj-5AjHKEvyf2ssZ8g

Learn more about Howard
Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

The ISO Review Podcast is a production of SimplifyISO.

#ISO #ISO27001 #ISO27001Certification #Registrars #ITProjects #InformationSecurityManagementSystems #AnnexA #RiskAssessment #ISOHarmonizedStructure #StatementofApplicability #InternationalStandardsDevelopmen #SimplifyISO #ISO27001:2022 #AnnexA
ISO 27001:2022, Annex A - Clause 8: Technical Controls
May 30 2023
Howard and Jim chat about ISO 27001, Annex A - Technical Controls.

Points discussed include a review of the controls in Clause 8.

Annex A, Clause Eight, Technical Controls
Number of controls: 34 (8.1 to 8.34)

On Our Next Episode
The Path to ISO 27001 Certification - Find out the steps you'll need to take to become Certified to ISO 27001:2022!

Next Steps
Review your current situation against these controls to see if you can find a way to improve your Technical Controls for better information security.
If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share the episode with anyone who might benefit from learning about this topic.
Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other ISO requirements that you have to meet.
Click here to visit the International Management System Institute website so that you can learn about how and why you should consider becoming a Certified ISO Management System Professional.

Learn more about Jim on LinkedIn & YouTube
LinkedIn: https://www.linkedin.com/in/simplifyiso/
LinkedIn Articles: https://www.linkedin.com/in/simplifyiso/detail/recent-activity/posts/
YouTube: https://www.youtube.com/channel/UCrt2Hgj-5AjHKEvyf2ssZ8g

Learn more about Howard
Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

The ISO Review Podcast is a production of SimplifyISO.
ISO 27001:2022, Annex A - Clause 7: Physical Controls
May 17 2023
Howard and Jim chat about ISO 27001, Annex A - Physical Controls.

Points discussed include a review of the 14 controls in Clause 7.

Annex A, Clause Seven, Physical Controls
Number of controls: 14 (7.1 to 7.14)

On Our Next Episode
ISO 27001, Annex A - Clause 8 - Technology Controls.

Next Steps
Review your current situation against these controls to see if you can find a way to improve your Physical Controls for better information security.
If you enjoyed this episode, please follow us on your preferred podcast directory. We appreciate your likes & comments, and invite you to share the episode with anyone who might benefit from learning about this topic.
Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other ISO requirements that you have to meet.
Click here to visit the International Management System Institute website so that you can learn about how and why you should consider becoming a Certified ISO Management System Professional.

Learn more about Jim on LinkedIn & YouTube
LinkedIn: https://www.linkedin.com/in/simplifyiso/
LinkedIn Articles: https://www.linkedin.com/in/simplifyiso/detail/recent-activity/posts/
YouTube: https://www.youtube.com/channel/UCrt2Hgj-5AjHKEvyf2ssZ8g

Learn more about Howard
Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

The ISO Review Podcast is a production of SimplifyISO.