ISO 27001: The Secure Standard for Implementing & Auditing Your ISMS


The year is 2025. Over 465 exabytes of new data is generated each day. The global cybersecurity market is worth $241 billion. Your managed services provider is still using a process document dated March 2019, and you’re starting to regret not having gone with that ISO 27001 certified provider.

Hell, at this point you’re starting to think even an in-house ISMS (Information Security Management System) implementation would have been a better option.

But I’m getting ahead of myself; let’s return to the present. Is ISO 27001 all it’s cracked up to be? Whatever your stance on ISO, it’s undeniable that many companies see ISO 27001 as a badge of prestige, and using ISO 27001 to implement (and potentially certify) your ISMS may well be a good business decision for you.

In this article, we’ll take a look at the foremost standard for information security management – ISO 27001:2013, and investigate some best practices for implementing and auditing your own ISMS.

Here is a summary of what we’ll cover in this Process Street article:

If you just want the free checklist for implementing and auditing your ISMS, you can grab that here. Otherwise, read on!

ISO: Everything You Need to Know (Ultimate Guide + Free Templates)

ISO means standards. A standard is just a set of requirements, decided by experts, for doing something specific.

A lot of standards exist under the banner of ISO, for all sorts of things, from quality management, to environmental and social responsibility guidelines, to how to design medical devices.

They’re useful because they help you to write good processes; how to structure, organize, implement, and improve on them.

At the heart of ISO is the principle of systematizing your approach to process management in your company – simple as that! You might be scared of ISO, but there’s really no need to be intimidated. What’s more, recent changes have made it easier than ever to get started with ISO standards.

In this Process Street article, we’ll look at everything ISO, including (but not limited to):

Let’s start with the basics. What exactly is ISO?

The Ultimate Risk Management Guide: Everything You Need to Know

What’s the worst that could happen? Risk management is one of the first things you should be thinking about when planning for pretty much anything in your business.

The truth is, risk is inescapable; the success of your business is not determined by your ability to avoid risk, but rather by your ability to accept, plan for, and take advantage of the varying outcomes risk might present to you.

It might sound negative, but risk management is actually more optimistic than it seems.

The key takeaway is that successful risk management strategies are proactive, as opposed to reactive.

By thinking ahead, you can prepare for and prevent risks before they even have a chance to arise.

In this article, we’ll take a look at how you can use Process Street to streamline and automate your risk management approach, including:

Hopefully by the end of it, you’ll have a better understanding of how to focus your risk management efforts into a forward-facing, proactive approach.

There are lots of ways to approach and prepare for risk, and this article will give you the tools you need to master risk management.

ISO 19011:2018 Basics (8 Free Management System Audit Checklists)


What exactly is an “audit”?

The International Organization for Standardization defines it as:

“[the] systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.” – ISO, from ISO 19011:2018 – Guidelines for Auditing Management Systems

That’s another way of saying someone takes a look at what you’re doing, gathers some evidence, and compares that evidence to what you’re supposed to be doing (in other words, a set of clearly documented requirements).

In the case of ISO, these requirements are known as standards. ISO 9001 is a standard. ISO 14001 is a standard.

Importantly, this understanding of audit implies that there are a few main things being considered by the auditor:

  • What’s documented by the company (e.g. internal processes, policies, and SOPs)
  • Evidence gathered to support how these policies, procedures, and SOPs are implemented in practice
  • The requirements defined by the ISO standard being audited against (e.g. ISO 9001)

Audits performed by companies to assess and analyze their own management systems are known as internal audits. Many resources for guiding companies on how to perform internal audits exist, and foremost of these is the ISO 19011 standard.

For most management system standards, internal audits are an important requirement. Even guideline standards like ISO 26000 for social responsibility depend on reports to evidence the success of their implementations.

As such, ISO 19011 defines a set of guidelines: a framework for companies to plan, implement, and improve upon their audit programs for auditing the implementation of management systems.

Since the first edition of ISO 19011 was published in 2002, many new management system standards have been published.

These standards often share a common structure, including certain requirements, terms, and definitions. That means ISO 19011 can be used to devise highly economical audit programs, wherein knowledge and processes can be shared and applied across various management systems.

By considering how they might take a broader approach to management system auditing and integration, companies implementing ISO management systems stand to save time, money, and confusion when preparing for and implementing internal audits.

The goal of this post is to provide a springboard for understanding ISO 19011, and how to get started with internal ISO auditing. In this post, I’ll cover:

  • What is ISO 19011
  • 7 principles of ISO auditing
  • Different types of ISO audit
  • Key elements of an ISO audit
  • 8 free ISO audit templates

If you just want the free ISO audit templates, then here they are:

