Monthly Archives: July 2023
ISO-6: Governance Structure
We are presenting a series of articles to spread awareness and understanding of ISO 27001, ISO 27701 and PDPCSI. ISO 27001 is a certifiable standard while ISO 27701 is a requirement which can be certified only … Continue reading
ISO-5: Classification of Assets
In the previous article we discussed the need for creating an Asset Inventory as part of the Context setting. In the process, we identified four different aspects such as “Data Storage Points”, “Data Collection Points”, “Data Processing Points” and “Data Disclosure … Continue reading
ISO-4: Understanding the Context
Before an organization sets about to establish an ISMS or an auditor starts an ISO 27001 audit, it is essential to understand and set the ‘Context’ in which the activity needs to be planned and implemented. By ‘Context’ we mean … Continue reading
ISO-3: Structure - 10 clauses with 93 Controls
ISO 27001:2022 presents its requirements through a main document that consists of 10 clauses and Annex A, which lists 93 controls. In comparison, PDPSI adopts 12 Standards and 50 Model Implementation Specifications. The first three … Continue reading
ISO-2: 93 controls in Four categories
Annex A of ISO 27001:2022 contains 93 controls in four categories. The Organizational Controls under A.5 have 37 sub controls, People Controls under A.6 have 8 sub controls, Physical Controls under A.7 have 14 sub controls and Technology controls … Continue reading
ISO-1: The Scope of ISO 27001:2022
The scope of the ISO 27001:2022 standard is to provide requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). The ISMS preserves the confidentiality, integrity and availability of information by applying a risk management process. … Continue reading