The Complete Guide to ISO 27001 Annex A Controls (2026 edition)
All 93 Annex A controls grouped by Organizational, People, Physical, and Technological categories — with practical implementation guidance for each set.
iso27001blog.com publishes vendor-neutral, evidence-based articles for security officers, auditors, and SME leaders navigating ISO 27001 and NIS2. Curated in partnership with RGI bv consultancy.
A practical comparison of ISO 27001 and the NIS2 Directive — what overlaps, what doesn't, and why NIS2-obligated organisations should use ISO 27001 as their baseline.
Everything you need to know about writing, maintaining, and defending your Statement of Applicability — the document auditors will spend the most time on.
Honest, evidence-based timelines for ISO 27001 certification across small, medium, and large organisations — including what causes delays.
A clear, jargon-free overview of the 2022 update to ISO 27001: the new Annex A structure, the 11 new controls, and what existing certified organisations must do.