Get a quote

ISO/IEC 27001:2022 – Information Security Management

26 November 2025

Knowledge

ISO 27001

The international standard for information security

Article contents

What is ISO 27001 information security management? ISO 27001 benefits What is an ISMS? ISO 27001 has changed How to achieve ISO 27001 compliance ISO 27001 and risk management ISO 27001 clauses and controls Demonstrating GDPR compliance with ISO 27001 and ISO 27701 How IT Governance can help you get ISO 27001 certified Need expert guidance on ISO 27001? Frequently asked questions (FAQs) Ready to simplify your security? Let’s get started.

What is ISO 27001 information security management?

ISO/IEC 27001 is the international standard for information security management.

 

Part of the ISO 27000 series, ISO 27001 sets out a framework for all organisations to establish, implement, operate, monitor, review, maintain and continually improve an ISMS (information security management system).

 

Certification to the ISO 27001 standard is recognised worldwide as proof that your organisation’s information security management is aligned with best practice.

ISO 27001 benefits

ISO 27001 is one of the most popular information security standards in existence. Independent accredited certification to the Standard is recognised worldwide. The number of certifications has grown by more than 450% in the past ten years.

Implementing the Standard helps you meet the requirements of laws such as the UK and EU GDPR (General Data Protection Regulation) and the NIS (Network and Information Systems) Regulations. It also helps reduce the costs associated with data breaches.

Learn more about the benefits of ISO 27001

Protect your data, wherever it is: Protect all forms of information, whether digital, hard copy or in the Cloud.

Increase your attack resilience: Increase your organisation’s resilience to cyber attacks.

Reduce information security costs: Implement only the security controls you need, helping you get the most out of your budget.

Respond to evolving security threats: Constantly adapt to changes both in the wider environment and inside the organisation.

Improve company culture: An ISMS encompasses people, processes and technology, ensuring staff understand risks and embrace security as part of their everyday working practices.

Meet contractual obligations: Certification demonstrates your organisation’s commitment to data security and provides a valuable credential when tendering for new business.

What is an ISMS?

An ISMS takes a systematic approach to securing the CIA (confidentiality, integrity and availability) of corporate information assets.

An ISO 27001 ISMS consists of organisational, people, physical and technological controls, selected on the basis of regular risk assessments.

Its technology- and vendor-neutral approach makes it suitable for all organisations, whatever their size, complexity, sector or location.

ISO 27001 has changed

ISO/IEC 27001:2022 – the newest version of ISO 27001 – was published in October 2022. As of 30 April 2024, certification bodies can no longer offer (re)certification to the 2013 edition of the Standard.

For more information about ISO 27001:2022 and its companion standard, ISO 27002:2022, and how they affect your organisation, visit ISO 27001 and ISO 27002:2022 updates.

Download your copy of ISO 27001:2022 here
Download your copy of ISO 27002:2022 here

How to achieve ISO 27001 compliance

Implementing an ISMS involves the following:

  • Scoping the project.
  • Securing management commitment and adequate resources.
  • Identifying interested parties and applicable legal and contractual requirements.
  • Conducting a risk assessment.
  • Selecting and implementing the required controls.
  • Developing internal competence to manage the project.
  • Developing the appropriate documentation.
  • Conducting staff awareness training.
  • Continually measuring, monitoring, reviewing and auditing the ISMS.
  • Implementing the necessary corrective and preventive actions.

Discover our ISO 27001 implementation checklist and our nine-step approach to implementing an ISMS in our bestselling guide.

 

ISO 27001 and risk management

Risk management forms the cornerstone of an ISMS. All ISMS projects rely on regular information security risk assessments to determine which security controls to implement and maintain.

The Standard defines its requirements for the risk management process, including risk assessment and treatment, in Clause 6.1.

ISO 27001 clauses and controls

ISO 27001:2022 has ten management system clauses. Together with Annex A, which lists the 93 information security controls from ISO 27002:2022, they support the implementation and maintenance of an ISMS.

  1. Scope
  2. Normative references
  3. Terms and definitions
  4. Context of the organization
  5. Leadership
  1. Planning
  2. Support
  3. Operation
  4. Performance evaluation
  5. Improvement

Although the 2022 version of the Standard has fewer controls than the 2013 version, this is because many controls have been merged rather than removed. ISO 27002:2022 also introduces 11 new controls.

The 93 controls are grouped into four themes:

  1. Organisational (37 controls)
  2. People (8 controls)
  1. Physical (14 controls)
  2. Technological (34 controls)

ISO 27001 doesn’t require all 93 to be implemented. Instead, your risk assessment should define which controls are required, and you should justify why other controls are excluded.

Read our blog ISO 27001:2022 Annex A Controls Explained to learn more.

Download the ISO 27001 Management System Clauses infographic

Demonstrating GDPR compliance with ISO 27001 and ISO 27701

Like all ISO management system standards, ISO 27001 follows Annex SL. This common high-level structure makes implementing integrated management systems that conform to multiple standards easier.

For instance, an ISO 22301-compliant BCMS (business continuity management system) could share components with an ISO 27001-compliant ISMS.

ISO 27701 is an extension to ISO 27001, expanding its requirements to cover privacy management. This includes the processing of personal data or PII (personally identifiable information).

Implementing an integrated ISMS and ISO 27701-compliant PIMS (privacy information management system) will help you meet the GDPR’s requirements for managing, processing and protecting personal data.

Learn more about ISO 27701

 

How IT Governance can help you get ISO 27001 certified

  • Our implementation methodology has been honed for more than 20 years.
  • We are the global authority on ISO 27001. Our management team led the world’s first certification project when the Standard was known as BS 7799.
  • We offer everything you need to implement an ISMS – you don’t need to go anywhere else.
  • We guarantee certification (provided you follow our advice!).
  • You benefit from real-world practitioner expertise, not just academic knowledge.
  • We have trained more than 7,000 professionals on ISO 27001 implementations and audits worldwide.
  • We’ve helped more than 800 consultancy clients achieve certification to and compliance with ISO 27001.
  • We have a proven and pragmatic approach to assessing compliance with international standards, no matter your organisation’s size or nature.
  • Our pricing and proposals are completely transparent, so you won’t get any surprises.
  • Our FastTrack™ service helps organisations prepare for certification in three to six months.
Need expert guidance on ISO 27001?
Having led the world's first successful ISO 27001 certification project and helped 800+ organisations achieve certification, our experts can guide you through every step of the process.
Contact us

Frequently asked questions (FAQs)

What is ISO 27001?: ISO 27001 is the international standard for information security management. It sets out the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). The standard helps organisations protect data, manage risk and demonstrate compliance to customers and regulators.

What is ISO 27001 certification?: ISO 27001 certification is the formal recognition that an independent auditor has verified your organisation’s ISMS meets the requirements of the standard. Certification shows clients, partners and regulators that you follow best practice for information security.

How do you get ISO 27001 certification?
To achieve ISO 27001 certification, an organisation must:

  1. Define the scope of its ISMS.
  2. Conduct a risk assessment and apply security controls.
  3. Document and implement policies, procedures and processes.
  4. Undergo an external audit from an accredited certification body.

Most businesses seek expert support, such as consultancy or toolkits, to streamline the process.

How many controls are in ISO 27001?: The 2022 version of ISO 27001 references 93 controls grouped into four themes: organisational, people, physical and technological. These controls are detailed in Annex A of the standard.

What is ISO 27001 compliance?: ISO 27001 compliance means your organisation has implemented the policies, procedures and controls required by the standard, but may not yet have external certification. Compliance shows alignment with best practice, while certification provides independent verification.

How long does ISO 27001 certification last?: An ISO 27001 certificate is valid for three years, subject to annual surveillance audits. After three years, a recertification audit is required to maintain certification.

Is ISO 27001 GDPR compliant?: ISO 27001 is not the same as GDPR compliance, but it supports it. The standard provides a structured framework for protecting personal data, helping organisations demonstrate that they have appropriate security measures in place to meet GDPR requirements.

What does ISO 27001 stand for?: ISO refers to the International Organization for Standardization, and 27001 is the number assigned to the standard covering information security management systems (ISMS).

Ready to simplify your security? Let’s get started.

Having led the world’s first ISO 27001 certification project, we are the global pioneer of the Standard. Let us share our expertise and support you on your journey to ISO 27001 compliance.

ISO/IEC 27001 2022 Standard

Certified ISO 27001:2022 ISMS Foundation Training Course

Certified ISO 27001:2022 ISMS Lead Auditor Training Course

Certified ISO 27001:2022 ISMS Lead Implementer Training Course

ISO 27001 Toolkit

Information Security & ISO27001 Staff Awareness E-Learning Course

ISO/IEC 27001:2022 – An introduction to information security and the ISMS standard

Nine Steps to Success – An ISO 27001:2022 implementation overview

Back to news

Keep reading

Uncategorized

Test Gated Post

01 December 2025

·

Knowledge

What is Cyber Security? Definition and Best Practices

28 November 2025

·

Knowledge

UK Government Minimum Cyber Security Standard

28 November 2025

·

Knowledge

Transitioning to ISO 27001:2022 | GRC Solutions

28 November 2025

·

Knowledge

SWIFT CSCF Compliance | IT Governance Ltd

28 November 2025

·

Knowledge

Speak to a cyber security expert

28 November 2025

·

Knowledge

What is Social Engineering? Examples & Prevention Tips

28 November 2025

·

Knowledge

Securities and Exchange Commission Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure

28 November 2025

·

Knowledge

The Sarbanes-Oxley Act | GRC Solutions

27 November 2025

·

Knowledge

What is Phishing? Attack Techniques & Prevention Tips

27 November 2025

·

Knowledge

NIST Cybersecurity Framework (CSF) | GRC Solutions

27 November 2025

·

Knowledge

Operators of Essential Services and the NIS Regulations

27 November 2025

·

Knowledge

Digital Service Providers and the NIS Regulations

26 November 2025

·

Knowledge

NIS Regulations: Cyber Assessment Framework

26 November 2025

·

Knowledge

The NIS Directive and NIS Regulations

26 November 2025

·

Knowledge

Management system integration

26 November 2025

·

Knowledge

ITSM (IT Service Management)

26 November 2025

·

Knowledge

GRC Solutions ITIL and ITSM books

26 November 2025

·

Knowledge

ITIL®

26 November 2025

·

Knowledge

IT Governance: definition & explanation

26 November 2025

·

Knowledge

ISO 27701

26 November 2025

·

Knowledge

ISO 27017 and ISO 27018 Cloud security | GRC Solutions

26 November 2025

·

Knowledge

ISO 27005

26 November 2025

·

Knowledge

ISO 27001 Risk Assessments

26 November 2025

·

Knowledge

FastTrack™ | ISO 27001 | GRC Solutions

26 November 2025

·

Knowledge

Typical ISO 27001 certification costs

26 November 2025

·

Knowledge

Key Benefits of ISO 27001 Certification

26 November 2025

·

Knowledge

ISO/IEC 27001:2022 and ISO/IEC 27002:2022

26 November 2025

·

Knowledge

iso27001 2022 transition training

26 November 2025

·

Knowledge

iso27000 family

26 November 2025

·

Knowledge

ISO22301 business continuity standard

26 November 2025

·

Knowledge

ISO20000

21 November 2025

·

Knowledge

ISO9001 Quality Management Standards

21 November 2025

·

Knowledge

ISMS Benefits

21 November 2025

·

Knowledge

Infosec

21 November 2025

·

Knowledge

Implementing ISO27001

21 November 2025

·

Knowledge

GDPR and ISO 27001

21 November 2025

·

Knowledge

Gambling Commission Compliance

21 November 2025

·

Knowledge

Federal Cybersecurity and Privacy Laws

21 November 2025

·

Knowledge

EU Digital Operational Resilience Act

21 November 2025

·

Knowledge

EU Cybersecurity Act

21 November 2025

·

Knowledge

Email Security

21 November 2025

·

Knowledge

DFARS

21 November 2025

·

Knowledge

Data Classification Software

21 November 2025

·

Knowledge

Cyber Threats

21 November 2025

·

Knowledge

Cyber Security Standards

21 November 2025

·

Knowledge

Cyber Security Risk Management

21 November 2025

·

Knowledge

Cyber Security Risk Assessment

21 November 2025

·

Knowledge

Cyber Security Consultancy Services

21 November 2025

·

Knowledge

Cyber Resilience Framework

21 November 2025

·

Knowledge

Cyber Resilience

20 November 2025

·

Knowledge

Cyber Incident Response

20 November 2025

·

Knowledge

Cyber Crime

20 November 2025

·

Knowledge

Compliance

20 November 2025

·

Knowledge

Cloud Security

20 November 2025

·

Knowledge

Capability Maturity Model

20 November 2025

·

Knowledge

Business Resilience

20 November 2025

·

Knowledge

Benefits of ISO 22301

20 November 2025

·

Knowledge

BC DR

20 November 2025

·

Knowledge

Advanced Persistent Threats APT

20 November 2025

·

Knowledge

Accredited Certification

20 November 2025

·

Articles

SOC reporting

20 November 2025

·

Knowledge

The pecr and eu eprivacy directive

20 November 2025

·

Knowledge

GDPR privacy compliance framework and standards

20 November 2025

·

Knowledge

GDPR Data Mapping

20 November 2025

·

Knowledge

GDPRConsultancy

20 November 2025

·

Knowledge

GDPR Compliance with ISO 27001

20 November 2025

·

Knowledge

GDPR Anniversary

20 November 2025

·

Knowledge

ePrivacy Regulation EPR

20 November 2025

·

Knowledge

DPO as a Service

20 November 2025

·

Knowledge

DPA and GDPR penalties

20 November 2025

·

Knowledge

GDPR Gap Analysis

19 November 2025

·

Knowledge

DPA 2018 part 4 intelligence processing

19 November 2025

·

Knowledge

DPA 2018 part 3 law enforcement processing

19 November 2025

·

Knowledge

DPA 2018

19 November 2025

·

Knowledge

Data subject access requests

19 November 2025

·

Knowledge

Data Sovereignty and the Cloud

19 November 2025

·

Knowledge

Data protection officer dpo under the gdpr

19 November 2025

·

Knowledge

Data Protection dpa and eu data protection regulation

19 November 2025

·

Knowledge

Data Protection

19 November 2025

·

Knowledge

Data Privacy

19 November 2025

·

Knowledge

Data Governance

19 November 2025

·

Knowledge

Data Breaches

19 November 2025

·

Knowledge

Articles of the GDPR

19 November 2025

·

Knowledge

PCI DSS | What It Is and How to Comply

19 November 2025

·

Knowledge

Vulnerability testing for Cyber Essentials

19 November 2025

·

Knowledge

Cyber Essentials: Secure Configuration

19 November 2025

·

Knowledge

Cyber Essentials: Patch Management

19 November 2025

·

Knowledge

Cyber Essentials: Malware Protection

19 November 2025

·

Knowledge

ISO 27001 and the Cyber Essentials Scheme

19 November 2025

·

Knowledge

Defining the scope for Cyber Essentials certification

19 November 2025

·

Knowledge

The Cyber Essentials Scheme

19 November 2025

·

Knowledge

Cyber Essentials Repeat Testing and Assessment Fees

18 November 2025

·

Knowledge

The Cyber Essentials SAQ (Self-Assessment Questionnaire)

18 November 2025

·

Knowledge

Cyber Essentials for the MOD Supply Chain

18 November 2025

·

Knowledge

Cyber Essentials FAQs

18 November 2025

·

Knowledge

Cyber Essentials Benefits

18 November 2025

·

Knowledge

Cyber Essentials: Boundary Firewalls and Internet Gateways

18 November 2025

·

Case Study

Cyber Essentials Plus Case Study

18 November 2025

·

Knowledge

Cyber Essentials: User Access Control

18 November 2025

·

Knowledge

What is AI governance and why does it matter?

18 November 2025

·

Knowledge

ISO 42001: What it is and why it matters for AI management

18 November 2025

·

Knowledge

The EU AI Act: what it means for your organisation and how to comply

18 November 2025

·

White Papers

CISSP study planner

18 November 2025

·

Blog

IT Standards | GRC Solutions

18 November 2025

·

Blog

Become an GRC Solutions channel partner

18 November 2025

·

White Papers

Ethical Hacking Career Roadmap

17 November 2025

·

White Papers

Cyber Essentials – 2025 Scheme Changes: What You Need to Know

17 November 2025

·

Articles

Global Data Breaches and Cyber Attacks in October 2025 – At Least 21.2 Million Breached Records

14 November 2025

·

Articles

GRC Solutions Named Among the UK’s Top 20 Cyber Security Innovators

14 November 2025

·

Articles

Data Leakage Prevention and Data Deletion – ISO 27001 Controls 8.12 and 8.12 Explained

13 November 2025

·

Articles

Threat Intelligence – ISO 27001:2022 Control 5.7 Explained

06 November 2025

·

Articles

How DORA fits with ISO 27001, NIS2 and the GDPR

03 November 2025

·

Articles

CISM Exam Tips from a Consultant: Five Insider Insights to Help You Pass

03 November 2025

·

Articles

How To Comply with ISO 27001’s New Cloud Services Control

03 November 2025

·

Articles

What DORA Means for ICT Suppliers: MSPs, SaaS and Cloud in Scope

31 October 2025

·

Knowledge

Cyber Security Must Be a Board Priority – And It Starts With Cyber Essentials

28 October 2025

·

Articles

Top 5 Skills Every ISO 27001 Internal Auditor Needs

22 October 2025

·

Articles

AWS Outage: A Supply-Chain Security Lesson

21 October 2025

·

Articles

Global Encryption Day: Why Encryption Is a Core Requirement

21 October 2025

·

Articles

Why You Need Cyber Resilience and Defence in Depth

21 October 2025

·

Articles

ISO 27001:2022 Clause 6 – What’s Changed and What You Need to Do About It

21 October 2025

·

Articles

4 reasons to get CISMP qualified

20 October 2025

·

Articles

CISM vs CISSP: Which Certification is Right for You in 2025

17 October 2025

·

Articles

CISMP vs Security+: Which Certification is Right for You in 2025?

15 October 2025

·

Articles

ISO 27001 for Non-IT Roles: A Beginner’s Guide

15 October 2025

·

Articles

CRISC Salary & Career in the UK: What to Expect in 2025

10 October 2025

·

Articles

5 Practical Skills You’ll Gain from a GDPR Practitioner Course

10 October 2025

·

Articles

ISO 27001 Internal vs Lead Auditor Training Compared

10 October 2025

·

Articles

Global Data Breaches and Cyber Attacks in September 2025: Nearly 2 Million Records Exposed and Potentially 1.5 Billion More

08 October 2025

·

Articles

Is CISM Worth It? Salary, Career Value & Employer Demand in 2025

06 October 2025

·

Knowledge

5 Common GDPR Mistakes – and How Training can Fix Them

06 October 2025

·

Articles

5 Reasons ISO 27001 Implementations Fail (and How to Avoid Them)

03 October 2025

·

Articles

Our Experts’ Views on the Jaguar Land Rover Cyber Attack

01 October 2025

·

Knowledge

A Guide to the EU GDPR’s Requirements for an EU Representative

01 October 2025

·

Knowledge

Who Needs ISO 27001 Foundation Training?

01 October 2025

·

Knowledge

Human Error and Accidental Data Breaches: Lessons from Recent Cases

01 October 2025

·

Articles

How to Become a DPO (Data Protection Officer) in the UK

29 September 2025

·

Articles

How to Get Cyber Essentials Certified in 2025: Updated Steps and Key Changes

26 September 2025

·

Knowledge

GDPR Foundation vs Awareness Training: Which is Right for Your Team?

25 September 2025

·

Blog

The Data Protection Officer (DPO) Role – A beginner’s guide

25 September 2025

·

Articles

CISSP® Exam Myths: What Learners Get Wrong

22 September 2025

·

Articles

UK GDPR Representative Services: What You Need to Know

19 September 2025

·

Articles

How to Maintain ISO 27001 Certification: 7 Top Tips

16 September 2025

·

Articles

3 ISO 27001:2022 Controls That Help Secure Your Cloud Services

15 September 2025

·

Articles

How ISO 27001 Helps You Comply With DORA

15 September 2025

·

White Papers

Free White Paper: The EU AI Act and ISO 42001 – A Beginner’s Guide

13 September 2025

·

Knowledge

GDPR Data Protection Impact Assessments: The 7 Key Stages of the DPIA Process

10 September 2025

·

Articles

Global Data Breaches and Cyber Attacks in August 2025: over 17.3 million records exposed

08 September 2025

·

Knowledge

Cyber Essentials: The 5 Cost-Effective Security Controls Everyone Needs

19 August 2025

·

Articles

Nine Steps to SOC 2 Compliance – Including a SOC 2 Readiness Checklist

14 August 2025

·

Articles

Global Data Breaches and Cyber Attacks in July 2025: over 14.9 million records exposed

12 August 2025

·

Articles

Data Protection Enforcement: Your Cookie Compliance Questions Answered

08 August 2025

·

Knowledge

A Guide to TOMs (Technical and Organisational Measures) Under the GDPR

06 August 2025

·

Articles

What are the Different Types of Penetration Test?

05 August 2025

·

Knowledge

The Six Data Processing Principles of the UK GDPR Explained

01 August 2025

·

Articles

The 4 CRISC Domains Explained

28 July 2025

·

Articles

What Are ISO 27017 and ISO 27018, and What Are Their Controls?

23 July 2025

·

Articles

The 9 CISMP Domains Explained

21 July 2025

·

Articles

How One Weak Password Destroyed a 158-Year-Old Company

21 July 2025

·

Knowledge

Nine Steps to Conducting a GDPR Gap Analysis

18 July 2025

·

Knowledge

Are You Ready for Cyber Essentials?

18 July 2025

·

Knowledge

How to Write a GDPR Data Retention Policy – with template

16 July 2025

·

Articles

The 4 CISM Domains Explained

14 July 2025

·

Articles

Choosing the Right PCI DSS SAQ: A Practical Guide

11 July 2025

·

Articles

Information Security vs Cyber Security: The Difference

09 July 2025

·

Articles

The 5 CISA Domains Explained

07 July 2025

·

Articles

How ISO 42001 supports EU AI Act compliance

04 July 2025

·

Articles

Global Data Breaches and Cyber Attacks in June 2025: Over 16 billion records exposed

04 July 2025

·

Articles

7 Steps to a Successful ISO 27001 Risk Assessment (Updated for 2025)

02 July 2025

·

Knowledge

How to Write a GDPR Data Protection Policy (Updated for 2025)

01 July 2025

·

Articles

Building Your Cyber Security Career: The Credentials Needed for Management and Specialist Roles

30 June 2025

·

Knowledge

How to Respond to a DSAR (Data Subject Access Request) 

30 June 2025

·

Knowledge

How to Write a GDPR Data Privacy Notice – Updated Guide and Template for 2025

24 June 2025

·

Knowledge

The Critical Role of a DPO: Why Outsourcing is the Smart Choice

20 June 2025

·

Knowledge

The Data (Use and Access) Act and How it Affects the UK GDPR and DPA 2018, and PECR

19 June 2025

·

Articles

Understanding the CIA Triad in 2025: A Cornerstone of Cyber Security

18 June 2025

·

Articles

Global Data Breaches and Cyber Attacks in May 2025 – More Than 1.4 Billion Records Breached

17 June 2025

·

Articles

Penetration Testing for SaaS Providers: Building Trust and Security

12 June 2025

·

Articles

How to Start Your Career in Data Protection and Privacy

10 June 2025

·

Knowledge

GDPR Documentation: The Documents You Need to Comply with the UK and EU GDPR

09 June 2025

·

Articles

How to FastTrack your ISO 27001 ISMS Implementation and Certification

05 June 2025

·

Articles

Author of the Month: Bridget Kenyon

04 June 2025

·

cctv

Articles

CCTV and the GDPR in 2025: What Employers Must Know

03 June 2025

·

Knowledge

The GDPR in 2025: What’s the Difference between Personal Data and Special Category Data?

03 June 2025

·

Articles

Data Protection Gap Analysis: Identifying Weak Spots Before Regulators Do

29 May 2025

·

Knowledge

Lessons Learned from the Legal Aid Agency Data Breach

22 May 2025

·

Articles

How to Spot a Phishing Email in 2025 –with Real Examples and Red Flags

16 May 2025

·

Articles

The Co-op, M&S, Harrods… You? Mitigating the Risk of Ransomware

13 May 2025

·

Articles

The 8 CISSP domains explained

08 May 2025

·

Articles

Windows 10 End of Life: What Does it Mean for Your Organisation?

02 May 2025

·

Articles

Author of the Month: Richard Bingley

01 May 2025

·

Articles

Author of the Month: Andrew Pattison

01 April 2025

·

Knowledge

The Cyber Essentials Scheme’s 2025 Update and What it Means for Your Organisation

20 March 2025

·

Knowledge

What It Takes to Be Your Organisation’s DPO or Data Privacy Lead

20 January 2025

·

Articles

Free Expert Insights: Index of Interviews

15 January 2025

·

Articles

How Can Organisations Transition to ISO 27001:2022?

14 January 2025

·

Articles

The Benefits of Becoming an Ethical Hacker

13 January 2025

·

Knowledge

Step-by-Step Guide to Achieving GDPR Compliance

08 January 2025

·

Articles

How You Can Continually Improve Your ISO 27001 ISMS (Clause 10)

06 January 2025

·

Knowledge

How a GDPR Gap Analysis Helps Secure Support From Senior Management

11 December 2024

·

Articles

How to Select Effective Security Controls

09 December 2024

·

Articles

Cyber Threats During the Holidays: How to Stay Safe From Seasonal Scams and Data Breaches

04 December 2024

·

Knowledge

Cyber Essentials vs ISO 27001: Key Differences

02 December 2024

·

Articles

Meet the Hacker: How Simulated Phishing Addresses Your Biggest Security Risk

27 November 2024

·

Articles

Breaking In to Keep Hackers Out: The Essential Work of Penetration Testers

25 November 2024

·

Knowledge

How Do the Cyber Essentials and Cyber Essentials Plus Assessments Work?

20 November 2024

·

Articles

How to Create a Strong Security Culture

18 November 2024

·

Articles

Your Biggest Security Risk: The Insider Threat

13 November 2024

·

Articles

Layering Defences to Safeguard Sensitive Data Within AI Systems

11 November 2024

·

Knowledge

How Organisations Are Failing to Process Personal Data Lawfully Under the GDPR

04 November 2024

·

Articles

The 6 CCSP Domains Explained

30 October 2024

·

Knowledge

GDPR: International Data Transfers Using the IDTA, SCCs or BCRs

28 October 2024

·

Articles

Strategies for Securing Your Supply Chain

23 October 2024

·

Articles

How to Meet the NCSC’s 14 Cloud Security Principles

21 October 2024

·

Articles

The Insider Threat: Strategies to Safeguard Against Malicious Insiders

16 October 2024

·

Knowledge

GDPR: Data Subject Rights and Organisations’ Responsibilities

14 October 2024

·

Knowledge

How Do You Demonstrate Accountability Under the GDPR?

08 October 2024

·

Articles

Security Risks of Outsourcing to the Cloud: Who’s Responsible?

03 October 2024

·

Articles

7 Steps to Prepare for PCI DSS Audit Success

01 October 2024

·

Articles

How to Overcome Unconscious Bias in the Workplace

24 September 2024

·

White Papers

GDPR Benchmark Report: Compliance Insights

17 September 2024

·

Articles

8 Ways to Reduce Your PCI DSS Compliance Burden

17 September 2024

·

Articles

How to Address AI Security Risks With ISO 27001

12 September 2024

·

Articles

How to Write a Modern Slavery Statement – 6-Step Guide

10 September 2024

·

Articles

How Do You Mitigate Information Security Risk?

05 September 2024

·

Articles

Where to Start with Cyber Security Risk Management

29 August 2024

·

Articles

Tips for Environmental Sustainability at Work and How ISO 14001 Can Help

27 August 2024

·

Knowledge

What Is Access Control and Why Do Cyber Essentials and ISO 27001 Require It?

21 August 2024

·

Knowledge

A Guide to GDPR International Transfers

20 August 2024

·

Articles

Online Merchants: PCI DSS Compliance Tips When Outsourcing

15 August 2024

·

Articles

Are You Meeting Your Occupational Health & Safety Requirements?

13 August 2024

·

Knowledge

Streamlining GDPR Compliance With ROPAs, Data Flow Maps and DPIAs

08 August 2024

·

Articles

5 Cyber Security and ISO 27001 Myths

01 August 2024

·

Articles

CrowdStrike: Lessons on the Importance of Contracts, Insurance and Business Continuity

30 July 2024

·

Articles

How to Easily Meet the PCI DSS Awareness Training Requirements

25 July 2024

·

Articles

ISO 27001:2022 Transition Challenges and How to Use ISO 27002

18 July 2024

·

Articles

Analysing Data Breaches Caused by Human Error

16 July 2024

·

Articles

The Good, the Bad and the Improvable of PCI DSS v4

11 July 2024

·

Articles

‘RockYou2024’: Nearly 10 BILLION Unique Plaintext Passwords Leaked

10 July 2024

·

Knowledge

GDPR Article 28 Contracts: What You Need to Know

09 July 2024

·

Knowledge

Records of Processing Activities (ROPAs): Simplifying GDPR Compliance

04 July 2024

·

Articles

Security Trends for 2024 and Beyond

28 June 2024

·

Articles

Creating an AI Policy – A Guide for SMEs

10 June 2024

·

Articles

Worrying Ransomware Trends, and What to Do About Them

07 June 2024

·

Articles

Security Tips and Concerns for Remote Working

31 May 2024

·

Articles

A Practical Guide to Cyber Incident Response

24 May 2024

·

Articles

ISO 27001 and Physical Security

15 May 2024

·

Articles

6,009,014 MovieBoxPro Accounts Breached in Another Data Scraping Incident

07 May 2024

·

Articles

Global Data Breaches and Cyber Attacks in 2024

02 May 2024

·

Articles

Global Data Breaches and Cyber Attacks in April 2024 – 5,336,840,757 Records Breached

02 May 2024

·

Articles

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

29 April 2024

·

Articles

Looking Back on the Channel Partner Event and Awards 2024

24 April 2024

·

Articles

The Week in Cyber Security and Data Privacy: 15 – 21 April 2024

22 April 2024

·

Articles

Cyber Defence in Depth: An Expert’s Overview

19 April 2024

·

Articles

The Week in Cyber Security and Data Privacy: 8 – 14 April 2024

15 April 2024

·

Articles

The Week in Cyber Security and Data Privacy: 1 – 7 April 2024

09 April 2024

·

Articles

Global Data Breaches and Cyber Attacks in March 2024 – 299,368,075 Records Breached

04 April 2024

·

Articles

An Expert Overview of CISM®

04 April 2024

·

Articles

The Week in Cyber Security and Data Privacy: 25 – 31 March 2024

02 April 2024

·

Articles

The Week in Cyber Security and Data Privacy: 18 – 24 March 2024

25 March 2024

·

Articles

The False Economy of Deprioritising Security

20 March 2024

·

Articles

The Week in Cyber Security and Data Privacy: 11 – 17 March 2024

18 March 2024

·

Articles

ISO 27001:2022 Annex A Controls Explained

13 March 2024

·

Articles

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

11 March 2024

·

Articles

Global Data Breaches and Cyber Attacks in February 2024 – 719,366,482 Records Breached

05 March 2024

·

Articles

The Week in Cyber Security and Data Privacy: 26 February – 3 March 2024

05 March 2024

·

Articles

The Week in Cyber Security and Data Privacy: 19 – 25 February 2024

27 February 2024

·

Knowledge

Ashley Brett on Cyber Essentials Solutions

21 February 2024

·

Articles

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

21 February 2024

·

Articles

Maintaining GDPR and Data Privacy Compliance in 2024

16 February 2024

·

Articles

Sophie Sayer on the IT Governance Partner Programme

14 February 2024

·

Articles

The Week in Cyber Security and Data Privacy: 5 – 11 February 2024

14 February 2024

·

Articles

Your CVSS Questions Answered

09 February 2024

·

Articles

Elearning Staff Awareness Course Overview: Ransomware

07 February 2024

·

Articles

The Week in Cyber Security and Data Privacy: 29 January – 4 February 2024

06 February 2024

·

Articles

Global Data Breaches and Cyber Attacks in January 2024 – 29,530,829,012 Records Breached

05 February 2024

·

Articles

Expert Insight: Vanessa Horton on Anti-Forensics

02 February 2024

·

Articles

The Week in Cyber Security and Data Privacy: 22 – 28 January 2024

30 January 2024

·

Articles

‘Mother of All Breaches’: 26 BILLION Records Leaked

24 January 2024

·

Articles

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

23 January 2024

·

Articles

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

16 January 2024

·

Articles

The Week in Cyber Security and Data Privacy: 1 – 7 January 2024

09 January 2024

·

Articles

List of Data Breaches and Cyber Attacks in 2023 – 8,214,886,660 records breached

05 January 2024

·

Articles

Global Data Breaches and Cyber Attacks in December 2023 – 2,241,916,765 Records Breached

05 January 2024

·

Articles

Expert Insight: Adam Seamons on Zero-Trust Architecture

05 January 2024

·

Articles

The Weeks in Cyber Security and Data Privacy: 18 – 31 December 2023

04 January 2024

·

Articles

The Third-Party Threat for Financial Organisations

22 December 2023

·

Knowledge

Sam McNicholls-Novoa on CyberComply

20 December 2023

·

Articles

The Week in Cyber Security and Data Privacy: 11 – 17 December 2023

19 December 2023

·

Articles

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

11 December 2023

·

Articles

Data Breaches and Cyber Attacks in November 2023 – 519,111,354 Records Breached

05 December 2023

·

Articles

The Week in Cyber Security and Data Privacy: 27 November – 3 December 2023

05 December 2023

·

Articles

Expert Insight: Cliff Martin

28 November 2023

·

Articles

The Week in Cyber Security and Data Privacy: 20 – 26 November 2023

28 November 2023

·

Articles

Alan Calder on Cyber Resilience

24 November 2023

·

Articles

Risk Management under the DORA Regulation

23 November 2023

·

Articles

The Week in Cyber Security and Data Privacy: 13 – 19 November 2023

20 November 2023

·

Articles

Catches of the Month: Phishing Scams for November 2023

17 November 2023

·

Articles

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

13 November 2023

·

Articles

The Week in Cyber Security and Data Privacy: 30 October – 5 November 2023

06 November 2023

·

Articles

Expert Insight: Andrew Snow

06 November 2023

·

Articles

Data Breaches and Cyber Attacks in October 2023 – 867,072,315 Records Breached

03 November 2023

·

Articles

The Week in Cyber Security and Data Privacy: 23 – 29 October 2023

31 October 2023

·

Articles

Expert Insight: Stephen Hancock on SAQ SPoC

30 October 2023

·

Articles

The Week in Cyber Security and Data Privacy: 16 – 22 October 2023

24 October 2023

·

Articles

IT Governance Podcast 20.10.23: Casio, Cisco, MOVEit (again) and the ICC

23 October 2023

·

Articles

Catches of the Month: Phishing Scams for October 2023

13 October 2023

·

Articles

IT Governance Podcast 6.10.23: TikTok, Sony and MOVEit and DarkBeam

06 October 2023

·

Articles

List of Data Breaches and Cyber Attacks in September 2023 – 3,808,687,191 Breached Records

05 October 2023

·

Articles

Royal Family’s Website Targeted by Denial-of-Service Attack

02 October 2023

·

Articles

IT Governance Podcast 22.09.23: MGM Resorts, Microsoft Azure, International Criminal Court

22 September 2023

·

Articles

MGM Resorts suffers ransomware infection following social engineering attack

18 September 2023

·

Articles

Catches of the Month: Phishing Scams for September 2023

15 September 2023

·

Articles

IT Governance Podcast 08.09.23: Electoral Commission (again), Meta, Pôle emploi

07 September 2023

·

Articles

List of Data Breaches and Cyber Attacks in August 2023 – 79,729,271 Records Breached

06 September 2023

·

Articles

IT Governance Podcast 25.8.23: Tesla, Duolingo, Lapsus$ trial

24 August 2023

·

Articles

IT Governance Podcast 11.8.23: Electoral Commission, PSNI, Capita

10 August 2023

·

Articles

Catches of the Month: Phishing Scams for August 2023

07 August 2023

·

Articles

What is Vishing? Definition, Examples and Prevention

03 August 2023

·

Articles

List of Data Breaches and Cyber Attacks in July 2023 – 146 Million Records Breached

01 August 2023

·

Articles

What is Tailgating? Definition, Examples & Prevention

27 July 2023

·

Articles

Norwegian Government Hit by Widespread Cyber Attack

24 July 2023

·

Articles

What is Smishing? Definition, Examples and Prevention

19 July 2023

·

Articles

IT Governance Podcast 14.7.23: EU-US DPF, UK-US data bridge, MOVEit patches and other security fixes

13 July 2023

·

Articles

Red Team vs Blue Team: What’s the Difference?

13 July 2023

·

Articles

Data Breaches and Cyber Attacks Quarterly Review: Q2 2023

11 July 2023

·

Articles

Catches of the Month: Phishing Scams for July 2023

06 July 2023

·

Articles

List of Data Breaches and Cyber Attacks – June 2023

04 July 2023

·

Articles

IT Governance Podcast 30.6.23: ChatGPT, LetMeSpy and MS Teams, plus Alan Calder on cyber security

29 June 2023

·

Articles

Phone-Tracking App LetMeSpy Says It Has Been Hacked

29 June 2023

·

Articles

How to Recover From a Cyber Attack

27 June 2023

·

Articles

100,000 ChatGPT Accounts Hacked in Malware Attack

22 June 2023

·

Articles

10 Ways to Prevent Phishing Attacks in 2023

21 June 2023

·

Articles

IT Governance Podcast 16.6.23: MOVEit, LinkedIn, Spotify and Google Bard

15 June 2023

·

Articles

Ofcom Becomes the Latest Victim of MOVEit Supply Chain Attack

15 June 2023

·

Articles

API Penetration Testing Checklist

13 June 2023

·

Articles

51 Must-Know Phishing Statistics for 2023

08 June 2023

·

Articles

Catches of the Month: Phishing Scams for June 2023

06 June 2023

·

Articles

IT Governance Podcast 2.6.23: Capita, NHS, Meta, GDPR, DPDI Bill and Alan Calder on cyber regtech

01 June 2023

·

Articles

List of Data Breaches and Cyber Attacks – May 2023

01 June 2023

·

Articles

What is a DoS Attack?

31 May 2023

·

Knowledge

GDPR Article 32: Your Guide to the Requirements

23 May 2023

·

Articles

IT Governance Podcast 19.5.23: A Capita special, featuring pension providers, Colchester City Council and Alan Calder’s analysis

18 May 2023

·

Articles

What Is a Brute Force Attack? Definition, Prevention and Examples

17 May 2023

·

Articles

Eurovision Organisers Concerned About the Threat of Cyber Attacks

11 May 2023

·

cyber-essentials

Knowledge

Cyber Essentials Pricing in 2023: What You Need to Know

10 May 2023

·

Articles

Catches of the Month: Phishing Scams for May 2023

10 May 2023

·

Articles

IT Governance Podcast 5.5.23: ChatGPT, LockBit, T-Mobile and Alan Calder on cyber security for boards

04 May 2023

·

Articles

List of Data Breaches and Cyber Attacks in April 2023 – 4.3 Million Records Breached

02 May 2023

·

Articles

World Economic Forum: Organisations Must Invest in Security as ‘Catastrophic Cyber Event’ Looms

27 April 2023

·

Articles

IT Governance Podcast 21.4.23: Capita, Chrome, LockBit for Macs and Alan Calder on cyber security

20 April 2023

·

Articles

Capita Admits That Its ‘Cyber Incident’ Was Ransomware and That Customer Data Was Breached

20 April 2023

·

Articles

What Is Data Minimisation? Definition & Examples

18 April 2023

·

Articles

Data Breaches and Cyber Attacks Quarterly Review: Q1 2023

13 April 2023

·

Articles

April 2023’s Catch of the Month: Uncovering Phishing Scams

11 April 2023

·

Articles

IT Governance Podcast 2023-7: Capita, ChatGPT and TikTok (yet again)

05 April 2023

·

Articles

How to Prevent Malware Attacks: 8 Tips for 2023

05 April 2023

·

Articles

List of Data Breaches and Cyber Attacks in March 2023 – 41.9 Million Records Breached

03 April 2023

·

Knowledge

GDPR Article 17: What Is the Right to Erasure?

30 March 2023

·

Articles

Data Backups Are for Life, Not Just for World Backup Day

28 March 2023

·

Articles

IT Governance Podcast 2023-6: Ferrari, Dole, TikTok (again), Android

23 March 2023

·

Articles

TikTok Banned on UK Government Devices

16 March 2023

·

Articles

3 reasons cyber security training is essential

09 March 2023

·

Articles

IT Governance Podcast 2023-5: WH Smith, the Data Protection and Digital Information Bill, TikTok

09 March 2023

·

Articles

Catches of the Month: Phishing Scams for March 2023

07 March 2023

·

cyber-essentials

Knowledge

Cyber Essentials is Updating its Technical Requirements

02 March 2023

·

Monthly data breach blog cover - February

Articles

List of Data Breaches and Cyber Attacks in February 2023 – 29.5 Million Records Breached

01 March 2023

·

Articles

IT Governance Podcast 2023-4: EU-US Data Privacy Framework, Twitter 2FA, GoDaddy, HardBit 2.0

23 February 2023

·

Articles

Twitter’s Security Move: Charging Users for SMS Two-Factor Authentication

23 February 2023

·

Articles

Is Pepsi Okay? Bottling Plant Suffers Malware Attack

16 February 2023

·

Articles

IT Governance Podcast 2023-3: Bank security flaws ranked, ION ransom paid, MP hacked

09 February 2023

·

Articles

Phishing Alert: February 2023’s Notable Scams

07 February 2023

·

Articles

How to Investigate a Cyber Incident: 5-Step Guide

02 February 2023

·

Articles

List of Data Breaches and Cyber Attacks in January 2023 – 277.6 Million Records Breached

01 February 2023

·

Articles

IT Governance Podcast 2023-2: Mailchimp, fast food, T-Mobile, ice rinks, iOS update and ISO 27001

26 January 2023

·

Articles

What Are You Doing for Data Protection Day?

25 January 2023

·

Articles

NortonLifeLock Says Customer Accounts were Compromised in Credential-Stuffing Attack

19 January 2023

·

Articles

7 Ways to Avoid Physical Security Threats in the Workplace

17 January 2023

·

Articles

IT Governance Podcast 2023-1: more ransomware attacks on the education sector, and DPC and Meta sued

13 January 2023

·

Articles

Catches of the Month: Phishing Scams for January 2023

12 January 2023

·

Articles

Data Breaches and Cyber Attacks in 2022: 480 Million Breached Records

10 January 2023

·

Articles

Criminal Hackers Leak Email Addresses of 220 Million Twitter Users

05 January 2023

·

Articles

List of data breaches and cyber attacks in December 2022 – 31.5 million records breached

03 January 2023

·

White Papers

GDPR – A compliance guide

17 August 2021

·