Assurance Archives - Page 2 of 3

From Chaos to Conformance: A series on implementing an ISMS

Dispelling some common myths.

By Jim, on 24 April, 2017

This is a new blog series on implementing an Information Security Management System (ISMS) based on ISO/IEC 27001:2013 (ISO 27001). This is the first in a series of blog articles aimed at helping organisations understand the value of implementing an ISMS that conforms with ISO 27001.

Risky Business

By Jim, on 28 January, 2016

There is a significant focus within government agencies on the management of risks associated with the adoption of cloud services. This is to be expected as the general perception is that the “cloud” is risky and that adopting cloud services could result in bad outcomes.

When certification scope is reduced, risk transparency suffers

By Lisa, on 3 December, 2015

How are risk owners and agency heads able to make informed decisions about ICT system accreditation without being provided with adequate information?

Axenic invests in certifying its consultants to Information Security Management System (ISMS) Lead Auditor (ISO/IEC 27001:2013)

By Jim, on 24 March, 2015

Axenic is proud to announce that all of its consultants are now certified as Information Security Management System (ISMS) Lead Auditors (ISO/IEC 27001:2013) by BSI (British Standards Institution).

If you are not measuring it, you are not managing it.

By Jim, on 9 July, 2014

In my last article I spoke at some length about not just why a Security Policy is important, what its content should be, but also how it should be written. There is no default setting for Security Policy. Remember, what works for one organisation probably won’t work for another.

Using Sampling To Ensure Effective Audit, Certification and Accreditation.

By Jim, on 11 March, 2014

At Axenic, we have two ISO 27001 Lead auditors and perform a significant number of certification reviews for NZ government agencies. One of the common challenges of auditing is selecting which controls (both procedural and technical) to assess when a client has a limited time-frame or budget.

The Blog

Category: Assurance