ISO 27001

Business Continuity Management in ISO 27002:2022

7 March 2022 | News, Norms & Standards

In February 2022, ISO 27002 "Information security, cybersecurity and privacy protection - Information security controls" was updated, and the 2022 version replaces its predecessor from 2013. ISO 27002 is the implementation guidance for the requirements of ISO 27001 and is therefore not itself a certification standard; certification continues to be based on ISO 27001. Several things changed: the title of the standard (formerly "Information technology - Security techniques - Code of practice for information security controls"), the structure of the controls (for example, attributes are now assigned to each individual control), and the control set itself, in which controls were merged, descriptions were updated and some controls were deleted. These changes will be carried over into the ISO 27001 update and will become mandatory for future ISO 27001 certifications. The following controls were added: threat intelligence; information security for use of cloud services; ICT readiness for business continuity; physical security monitoring; [...]

Integration of ISO standards and business continuity management under the umbrella of KTQ

24 September 2021 | Norms & Standards

The "Cooperation for Transparency and Quality in Healthcare" (German: Kooperation für Transparenz und Qualität im Gesundheitswesen, KTQ) offers a voluntary certification system under which hospitals and other organizations in the healthcare sector can be certified. Certification according to KTQ offers several advantages, as it is tailored specifically to hospitals. The standard follows a PDCA approach with the patient at its center. This is also where the great strength of KTQ certification lies: employees and patients are the focus and form the core areas of KTQ. Both the documentation review and the on-site audits are conducted by medical, nursing and business assessors. For some aspects of certification, however, this strength is also a serious disadvantage, because technical aspects remain in the background. For the on-site inspection within the scope of the certification, the sample inspection plan allocates about 1.5 hours to the following topics: Overview [...]


Business continuity management as the key to cyber security

19 August 2021 | Interest

Resilience to cyberattacks requires much more than protective, defensive security tools and training. Resilience is also the ability to recover quickly, so it must always include business continuity management activities. It is time to redefine the role of the chief information security officer (CISO) and to budget accordingly. Prevention is key to limiting cyberattacks, but the question is whether it alone is enough. Cyberattacks are constantly increasing in number and severity. A CISO is responsible for prevention, but we believe a CISO should also feel responsible for business continuity and crisis communication: the ability to respond so that the business can return to normal operations as quickly as possible is a far more realistic goal than preventing attacks entirely. The goal: detect, respond, recover and improve. But how can an organization respond to an attack while still planning for its future? By not separating preventive measures and [...]
