ISO 27001 Checklist: The Key to Compliance Before you dive into risk assessments and implementing controls, it’s essential to spend some time engaged in ISO 27001 planning. With the help of Compleye’s free ISO 27001 checklist, and the tips and tricks in this article, you’ll be more than prepared to put
What Happens if I Fail an ISO Audit? ISO audits are hard enough without thinking about the possibility of failure. However, if you fail an ISO audit, all is not lost. Here is Compleye’s guide to what happens after an audit failure, and how your organisation can get straight As
10 GDPR Requirements You Must Know In 2024 The General Data Protection Regulation (GDPR) isn’t just a compliance framework to help you protect personal data – it’s the law. Adhering to GDPR requirements is an essential aspect of keeping your employees, clients, and customers safe. Here are 10 essential requirements
ISO 27001 implementation may seem daunting, but it doesn’t have to be. Follow these 10 simple steps to make the process easier and ensure your organisation meets the standard’s requirements. Introduction ISO 27001 implementation can seem challenging, but organisations need to safeguard their information assets and demonstrate their commitment to
ISO 27001 accreditation provides a framework for managing and protecting sensitive information, and is applicable to businesses of all sizes, from small startups to large corporations. In this comprehensive guide, we will explore how we can unlock business opportunities with ISO27001 for organisations. Introduction ISO 27001 accreditation is
Learn how to develop an effective Statement of Applicability (SoA) for ISO 27001 compliance with this comprehensive guide. Discover key steps, best practices, and expert insights to ensure your organisation meets the requirements of ISO 27001. Understanding the Importance of a Statement of Applicability The Role of the Statement of
Gain a deeper understanding of the ISO 27001 challenges and learn how to tackle them effectively with our comprehensive guide. Explore the 10 common challenges organisations encounter in achieving ISO 27001 compliance and discover practical solutions to ensure a robust Information Security Management System (ISMS). Introduction Importance of ISO 27001
Did you know that (according to IBM) “the average cost of a ransomware attack is about $4.54 million, not including the cost of the ransom itself?” That’s because, as the digital landscape evolves, traditional security measures are no longer sufficient to protect sensitive data and networks. Cyber threats are becoming
According to Wired.co.uk, “…victims have paid ransomware groups $449.1 million in the first six months of this year…If this year’s pace of payments continues … the total figure for 2023 could hit $898.6 million. This would make 2023 the second biggest year for ransomware revenue after 2021”. Corvus Insurance Discover
Entrepreneur, startup founder & SaaS builder, Heikki Erola, joins Compleye as Director of Commerce. Where’d he come from? Born and bred in Finland, Compleye’s new Director of Commerce has lived in a number of countries and now resides in Barcelona. An entrepreneur, Heikki has been working in software and in
In today’s digital era, maintaining security, quality, and efficiency is paramount for any organization. To help businesses meet these standards, several frameworks have been introduced. Three of the most well-recognized ones are SOC2, ISO 27001, and ISO 9001. This post will provide a brief overview of each, followed by a
With cyber threats evolving rapidly and data breaches becoming increasingly common, organizations cannot afford to neglect these essential aspects of their operations. Here’s a quick guide to the primary privacy and security measures all companies should implement for their computer use. Make sure you can check off all these measures
It might sound simple, but it’s strangely not that easy to accurately define compliance management, or for that matter, explain the importance of compliance management and how it enhances your information security posture. Let’s take some time to do just that and to look at key examples of compliance management
A Quality Management System (QMS) is a vital component of any business wanting to ensure customer satisfaction by delivering high quality products or services to their clientele. But how do you keep track of quality and how do you ensure consistent quality throughout your organisation? The answer – ISO 9001.
In today’s digital age, businesses are constantly faced with potential risks and threats to their information security – hazards that could have dire financial consequences. In fact, according to a report by IBM the average cost of a data breach in 2022, in the USA, was $9.44. million. To ensure
When it comes to ISO27001 it’s vital that you keep track of your ISMS’s effectiveness. Although ISO27001 doesn’t give exact KPIs or provide an outline of how to track your ISMS’s effectiveness, it’s important to regularly evaluate the performance of your security measures. To make life a little bit easier,
Love it or hate it, ChatGPT, and in fact, AI (Artificial Intelligence) in general is here to stay. All those in favour say AI should be seen as a tool that can be used to make organisations and individuals more efficient, while all those against wonder if we are falling
The ISO 27001:2022 transition audit. The phrase strikes fear into the hearts of many tech startups who have already been diligent enough to obtain their ISO 27001:2013 certification. But, fear not. If you’re already certified with ISO 27001:2013, that certification is still valid until the end of your certification cycle
As part of your ISO 27001 certification process, you’ll need to conduct an ISO 27001 internal audit to ensure that your Information Security Management System (ISMS) meets all of the ISO 27001 standard’s requirements.
Becoming ISO 27001 certified is a sure-fire way for startups to grow their client base, increase earnings and enforce safety and security. But, attaining your ISO 27001 certification can be complex and overwhelming.
At Compleye, we understand the startup journey. We know your path is different to that of a big corporate. In this article we’ll look at why compliance for startups can be more challenging than compliance for corporates. We’ll take a look at the common mistakes that startups make when it
In this article, we take a look at what non-conformance means, the difference between a major and a minor non-conformance, how to avoid and correct non-conformities, and we examine ten ISO 27001 non-conformance examples.
It’s vital to understand the difference between ISO 27001 and NIST CSF before deciding which one to go for. We explain the difference in detail.
South African born entrepreneur turned CTO, William Hurst joined Compleye in October 2022. Where’s he from? With an entrepreneurial, rather than an academic brain, William started (and quickly ended) his studies at Stellenbosch University in the early 2000s. Leaving to explore the exciting world of software engineering and coding. Once
In this scope statement guide, we tell you the what, how and why of writing an ISO 27001 scope statement.
To help you get your ISO 27001 certification, we’ve put together a list of the best ISO 27001 certification software tools out there.
The list of documented information for ISO 27001 certification is a lengthy one. However, not all of the documentation is mandatory and your auditor is not necessarily going to want to scrutinise everything you’ve compiled. But, as we always say, better safe, secure and certified than sorry. We’ve compiled a
Let us break it down for you. The ISO 27001 certification is not a walk in the park, and its challenges are not like riding a bike. With challenges, challenges will arise. When challenges arise, mistakes are there to be made. Mistakes, though, are proof that you’re trying. Just make
Becoming aware of the Security Data Training Small mistakes can have large consequences. It just takes one innocent employee to accidentally click on the malicious attachment in a phishing email, for a companies’ device to get infected with malware that leads to sensitive information ending up in criminal hands. So
If you are a fanatic – or less fanatic – reader of our articles, you will probably know the importance of ensuring information security and regulatory compliance by now. Therefore, evaluating performances and managing risks in that area is highly crucial for organisations. Are we making progress towards our compliance
If you have been following Compleye for quite some time now – good on you – ISO 27001 is a term that you won’t be unfamiliar with. Question is whether you know that ISO 27001 has some brothers and sisters in the ISO-family. Well, some… Let’s actually make that a
Cookies. The ones we occasionally crave, that smell like our childhood home, tend to make us very happy. Internet cookies or digital cookies, however, operate a little differently. The biggest difference? We can’t consume them. Though, you can wholeheartedly leave that up to your browser. Let’s be honest. All internet creatures,
You’re probably getting used to us elaborating important abbreviations out of the industry by now. No worries, we got more in store for you today. We are going to tell you about the DPO and the PO – and their differences – within organisations. So, let’s go and dive into
As data protection and privacy become a higher corporate priority, compliance and risk professionals would be wise to leverage frameworks regarding privacy. Since we are both compliance professionals and wise, we will provide you with 3 things that anyone should focus on when implementing ISO27001. Focus on Privacy and GDPR.
Fines. Charges. Penalties. Many will consider these (and similar) words to be negative, mood-killing, or even terrifying. The number and the size of the fines that are imposed regarding the GDPR, the General Data Protection Regulation, are just that. Don’t worry, this article is not your next horror story. We
People and passwords. Our love-hate relationship is not that strange, since – in our busy lives – it’s something else to remember and something else to forget. Therefore, at the convenience end of the scale, you can use the same password for everything; from your bank account to a cooking
Today is a great day for abbreviations, don’t you think? Great, let’s go. The American Institute of Certified Public Accountants (AICPA) introduced the System and Organization Controls (SOC). This is the name of one of the more common compliance requirements that (tech) companies should meet today based on the Trust
Emails. Just like they can be either formal or informal and personal or general, they can be either real or false. We know these false emails as phishing emails. Phishing emails, unfortunately, is not a new phenomenon. It has been the most common attack vector for cybercriminals for a number
Hey, busy worker. We totally understand that, as a start-up founder or employee within a brand new company, you are dealing with a lot of stuff. You are (contributing to) building everything from the ground, which deserves a big round of applause. Though, being that busy can lead to losing
Any idea where the sensitive data within your company goes? Where the medical patient records, the identity information of clients and employees or the lists with contact- and payment details end up? Data breach is a growing trend. Not the type of trend that is fun, like trends in clothes,
Meetings, pitch, demo, coffee, repeat. If that doesn’t sound like music to our ears, we don’t know what will. Luckily, this is exactly what the 16th and 17th of June entails for the team of Compleye, when we will be present at TNW conference in Amsterdam with our very own
When Compleye’ s CEO Karolin started to be busy with the topics security, privacy and quality, she was searching for likeminded people that would be able to break out of the fixed patterns and the set old ways of compliance. She didn’t necessarily search for developers – she sought people
The GDPR policy – yet another abbreviation to keep in mind. Please do. The General Data Protection Regulation is super important, since it governs the way in which personal data (yes, also yours) is gathered and handled in the European Union. Long story short: it tells you about your rights. Quite an
What if we tell you that you can start with your business’ compliance matters all by yourself? Yes, you’re reading it correctly: use your rookie – based knowledge and tackle them without compliance officers or wizkids. Please say hi to DIY Compliance Tool within the online platform of Compleye. Do
If we’d ask you how many tools your company is using, could you name them? Which subscriptions are monthly and annually billed from your bank account? Any idea which people have access to every single one of your business’ 3000 excel files? You probably didn’t even know that there were
ISO27001 certification You have probably heard about the term by now, whether you own a business, you’re employed, or you have read earlier articles of Compleye. In the latter case, kudos! ISO27001 certification is what specifically deals with the security of data. Is the certification convenient? Undeniably. Is it mandatory or
How is your ISO27001 certification working out for you? There is a reasonable chance that collecting all necessary documentation makes you want to throw your pc out of the window. Don’t. Compleye is here to the rescue. “Making compliance almost fun”, is one of our quotes for a reason.
“X-ray noun [eks-rei] – a type of radiation that can go through many solid substances, allowing hidden objects such as bones and organs in the body to be photographed”. Don’t worry, we are not going to examine the internal composition of your body. Though, we will do this to your business. Truth or dare?
Let us take you on a journey. In the interesting – give it a chance – world of compliance, (amongst others) you will find compliance officers, compliance managers, compliance consultants and compliance designers. But what are the differences between those positions? And more importantly: why does Compleye choose to work with Lean Compliance Designers, in order to support your company and its security and privacy challenges?