• 5 Posts
  • 3 Comments
Joined 1 year ago
cake
Cake day: June 13th, 2023

help-circle


  • The controls themselves are not hard to understand. Writing policies describing these controls is also not that hard. But: changing the way an organization is working, in terms of habits, documentation, information management, how we collaborate - that can be really, really hard. So even if the requirements in ISO 27001 and the controls guidance in ISO 27002 look straight forward from a technical point of view, it is not easy to change the way of working for a whole organization! It requires leadership, it requires resources, and enough competent people with internal social capital to help support and drive the change. This is why an ISO 27001 journey is usually not just smooth sailing.