Complete Checklist For ISO 27001 Compliance (2023)
Becoming ISO 27001 certified is a sure-fire way for startups to grow their client base, increase earnings and enforce safety and security. But, attaining your ISO 27001 certification can be complex and overwhelming.
Startups, Funding stages and Compliance
Starting a business can be an exciting but challenging journey, and funding is one of the most crucial aspects that founders need to consider.
Startup Compliance: the why, what and who
At Compleye, we understand the startup journey. We know your path is different to that of a big corporate. In this article we’ll look at why compliance for startups can be more challenging than compliance for corporates. We’ll take a look at the common mistakes that startups make when it
10 ISO 27001 Non-Conformance Examples, Both Minor and Major
In this article, we take a look at what non-conformance means, the difference between a major and a minor non-conformance, how to avoid and correct non-conformities, and we examine ten ISO 27001 non-conformance examples.
ISO 27001 vs. NIST Cybersecurity Framework: What’s The Difference?
It’s vital to understand the difference between ISO 27001 and NIST CSF before deciding which one to go for. We explain the difference in detail.
ISO 27001 vs. SOC 2: What’s The Difference?
It’s vital to understand the difference between SOC 2 and ISO 27001 before deciding which one to go for. We explain the difference in detail.
Compleye Employs CTO, William Hurst
South African born entrepreneur turned CTO, William Hurst joined Compleye in October 2022. Where’s he from? With an entrepreneurial, rather than an academic brain, William started (and quickly ended) his studies at Stellenbosch University in the early 2000s. Leaving to explore the exciting world of software engineering and coding. Once
How to Write an ISO 27001 Scope Statement (+3 Examples)
In this scope statement guide, we tell you the what, how and why of writing an ISO 27001 scope statement.
Top 10 ISO 27001 Certification Software Tools (2023)
To help you get your ISO 27001 certification, we’ve put together a list of the best ISO 27001 certification software tools out there.
What are the Mandatory Documents Needed for ISO 27001?
The list of documented information for ISO 27001 certification is a lengthy one. However, not all of the documentation is mandatory and your auditor is not necessarily going to want to scrutinise everything you’ve compiled. But, as we always say, better safe, secure and certified than sorry. We’ve compiled a
The costs of: ISO 27001 Certification
In this article, we’ll tell you why IS0 27001 certification is worth it, and we’ll show you which costs you can expect.
What is ISO 27001?
We are going to be very short and simple with this article, just how we think Compliance should be and that is exactly what we do at Compleye, making it simple! Let´s go over the most asked question about ISO 27001: What is ISO 27001? It is an international standard
ISO 27001 Certification: Common pitfalls
Let us break it down for you. The ISO 27001 certification is not a walk in the park, and its challenges are not like riding a bike. With challenges, challenges will arise. When challenges arise, mistakes are there to be made. Mistakes, though, are proof that you’re trying. Just make
Security Data Training
Becoming aware of the Security Data Training Small mistakes can have large consequences. It just takes one innocent employee to accidentally click on the malicious attachment in a phishing email, for a companies’ device to get infected with malware that leads to sensitive information ending up in criminal hands. So
It’s Internal Audit time
If you are a fanatic – or less fanatic – reader of our articles, you will probably know the importance of ensuring information security and regulatory compliance by now. Therefore, evaluating performances and managing risks in that area is highly crucial for organisations. Are we making progress towards our compliance
The number of ISO standards – it’s a numbers game
If you have been following Compleye for quite some time now – good on you – ISO 27001 is a term that you won’t be unfamiliar with. Question is whether you know that ISO 27001 has some brothers and sisters in the ISO-family. Well, some… Let’s actually make that a
What are the internet cookies
Cookies. The ones we occasionally crave, that smell like our childhood home, tend to make us very happy. Internet cookies or digital cookies, however, operate a little differently. The biggest difference? We can’t consume them. Though, you can wholeheartedly leave that up to your browser. Let’s be honest. All internet creatures,
The DPO and PO: their differences
You’re probably getting used to us elaborating important abbreviations out of the industry by now. No worries, we got more in store for you today. We are going to tell you about the DPO and the PO – and their differences – within organisations. So, let’s go and dive into
Top 3 tips for Privacy/GDPR frameworks
As data protection and privacy become a higher corporate priority, compliance and risk professionals would be wise to leverage frameworks regarding privacy. Since we are both compliance professionals and wise, we will provide you with 3 things that anyone should focus on when implementing ISO27001. Focus on Privacy and GDPR.
Not so fine GDPR fines
Fines. Charges. Penalties. Many will consider these (and similar) words to be negative, mood-killing, or even terrifying. The number and the size of the fines that are imposed regarding the GDPR, the General Data Protection Regulation, are just that. Don’t worry, this article is not your next horror story. We
People and passwords. Our love-hate relationship is not that strange, since – in our busy lives – it’s something else to remember and something else to forget. Therefore, at the convenience end of the scale, you can use the same password for everything; from your bank account to a cooking
SOC 2, who?
Today is a great day for abbreviations, don’t you think? Great, let’s go. The American Institute of Certified Public Accountants (AICPA) introduced the System and Organization Controls (SOC). This is the name of one of the more common compliance requirements that (tech) companies should meet today based on the Trust
How to: Noticing phishing emails
Emails. Just like they can be either formal or informal and personal or general, they can be either real or false. We know these false emails as phishing emails. Phishing emails, unfortunately, is not a new phenomenon. It has been the most common attack vector for cybercriminals for a number
Start-ups and compliance: why you should start after all
Hey, busy worker. We totally understand that, as a start-up founder or employee within a brand new company, you are dealing with a lot of stuff. You are (contributing to) building everything from the ground, which deserves a big round of applause. Though, being that busy can lead to losing
When does one talk about a data breach?
Any idea where the sensitive data within your company goes? Where the medical patient records, the identity information of clients and employees or the lists with contact- and payment details end up? Data breach is a growing trend. Not the type of trend that is fun, like trends in clothes,
TNW Amsterdam, here we come!
Meetings, pitch, demo, coffee, repeat. If that doesn’t sound like music to our ears, we don’t know what will. Luckily, this is exactly what the 16th and 17th of June entails for the team of Compleye, when we will be present at TNW conference in Amsterdam with our very own
Just a little about Compleye
When Compleye’ s CEO Karolin started to be busy with the topics security, privacy and quality, she was searching for likeminded people that would be able to break out of the fixed patterns and the set old ways of compliance. She didn’t necessarily search for developers – she sought people
The GDPR policy – Compleye’s advisory advice
The GDPR policy – yet another abbreviation to keep in mind. Please do. The General Data Protection Regulation is super important, since it governs the way in which personal data (yes, also yours) is gathered and handled in the European Union. Long story short: it tells you about your rights. Quite an
Why did we decide to create DIY Compliance Tool?
What if we tell you that you can start with your business’ compliance matters all by yourself? Yes, you’re reading it correctly: use your rookie – based knowledge and tackle them without compliance officers or wizkids. Please say hi to DIY Compliance Tool within the online platform of Compleye. Do
Compleye’s Startupper: Overview never felt so good
If we’d ask you how many tools your company is using, could you name them? Which subscriptions are monthly and annually billed from your bank account? Any idea which people have access to every single one of your business’ 3000 excel files? You probably didn’t even know that there were
Cyber securing your company without the ISO27001 certification: 5 tactical tips
ISO27001 certification You have probably heard about the term by now, whether you own a business, you’re employed, or you have read earlier articles of Compleye. In the latter case, kudos! ISO27001 certification is what specifically deals with the security of data. Is the certification convenient? Undeniably. Is it mandatory or
Our ISO27001 certification approach, makes it almost fun!
How is your ISO27001 certification working out for you? There is a reasonable chance that collecting all necessary documentation makes you want to throw your pc out of the window. Don’t. Compleye is here to the rescue. “Making compliance almost fun”, is one of our quotes for a reason.
The X-Ray is your Compliance Start!
“X-ray noun [eks-rei] – a type of radiation that can go through many solid substances, allowing hidden objects such as bones and organs in the body to be photographed”. Don’t worry, we are not going to examine the internal composition of your body. Though, we will do this to your business. Truth or dare?
Keen on Lean: Compleye’s Lean Compliance Designers.￼
Let us take you on a journey. In the interesting – give it a chance – world of compliance, (amongst others) you will find compliance officers, compliance managers, compliance consultants and compliance designers. But what are the differences between those positions? And more importantly: why does Compleye choose to work with Lean Compliance Designers, in order to support your company and its security and privacy challenges?