
Articles

My articles across various subjects – all for you to review.


  • ISO 27001 for Accountants and Financial Services Firms

    Financial services and accountancy firms face relentless pressure to protect sensitive client information, maintain regulatory compliance, and demonstrate robust information security. The Financial Conduct Authority, the Information Commissioner’s Office, and professional bodies including the ICAEW and ACCA have set high expectations for how firms must safeguard data. … Read more


  • ISO 27001 Recertification: What Happens After 3 Years

    My guide on what happens around ISO 27001 recertification. Learn the key elements and what to prepare for.

    Achieving ISO 27001 certification is significant. Maintaining it is the longer game — and one that catches organisations off guard more often than the initial certification does. The three-year certification cycle is structured so that certification bodies can maintain reasonable confidence that certified organisations continue to operate their ISMS effectively between audits. But the structure … Read more


  • ISO 27001 Certification for SaaS Companies: Your Questions Answered

    I get a lot of clients that are launching their SaaS products to the market and want to get ISO 27001. So, here I’ll answer some common questions.

    SaaS companies pursuing ISO 27001 certification tend to arrive at the process with a specific set of questions — some of which differ meaningfully from those asked by traditional enterprises. The nature of SaaS businesses creates particular scoping considerations, supplier dependencies, and commercial drivers that shape how certification works in practice. This guide addresses the … Read more


  • ISO 27001 Business Continuity Planning

    How to address ISO 27001 business continuity per controls 5.29 and 5.30.

    Business continuity planning is one of the areas where organisations implementing ISO 27001 frequently ask the same question: is a full Business Continuity Plan required to achieve certification? The honest answer is that the standard requires specific, defined things — and a comprehensive BCP is not always one of them. What it does require is … Read more


  • Can You Self-Certify for ISO 27001? (And Should You?)

    Can you self-certify for ISO 27001? Yes. Should you? That requires some consideration.

    The short answer is yes — you can self-declare conformity with ISO 27001 without engaging a certification body. The longer answer is… that self-declaration and third-party certification are different things that serve different purposes, and which is appropriate depends entirely on why you want the certification in the first place. This distinction matters because organisations … Read more


  • How to Pass Your ISO 27001 Audit First Time

    My guide on ISO 27001 audit tips for how to make sure you pass your ISO 27001 certification first time.

    Most organisations that fail their ISO 27001 audit — or receive more findings than expected — do not fail because they have poor security. They fail because of avoidable preparation mistakes: documentation that does not match practice, processes that exist on paper but not in operation, and gaps that a structured pre-audit review would have … Read more


  • ISO 27001 Audit Findings: How to Respond to Nonconformities

    Learn how to manage ISO 27001 audit findings: how to log, process and resolve nonconformities.

    Receiving a nonconformity from your ISO 27001 auditor is not a crisis. It is a structured event with a defined process, a clear timeline, and a straightforward set of requirements. Most organisations that respond well to nonconformities achieve certification — or maintain it — without significant difficulty. Most organisations that struggle do so not because … Read more


  • ISO 27001 Certification Without a Consultant: Is It Possible?

    Can you implement ISO 27001 without a consultant? Short answer: Yes. But here I’ll explore the potential benefits and pitfalls.

    The short answer is yes — many organisations achieve ISO 27001 certification without engaging an external consultant, and some of them do so efficiently. The longer answer is that whether you should depends on what you already have in-house, how much time your team can commit, and what you are willing to learn as you … Read more


  • ISO 27001 Certification: UKAS vs Non-UKAS — Does It Matter?

    Explore the differences between UK certifications: UKAS vs non-accredited certificates. How they differ, and does it matter?

    When you are choosing a certification body for ISO 27001, one of the first things you will encounter is the question of accreditation. Some certification bodies hold accreditation from UKAS — the United Kingdom Accreditation Service, or its equivalent in other countries. Others do not. The difference in cost can be significant. Whether the difference … Read more


  • What Is a UKAS-Accredited ISO 27001 Certificate?

    Learn what a UKAS accredited ISO 27001 certificate is, and who issues them in the UK.

    When an organisation says it holds ISO 27001 certification, the value of that statement (to anyone in the know) depends on who issued the certificate. A UKAS-accredited ISO 27001 certificate is one issued by a certification body that has itself been assessed and approved by the United Kingdom Accreditation Service. Understanding what that means — … Read more