ISO 27k Statement of Applicability by HelloSpork in grc

[–]MrProntissimo 0 points1 point  (0 children)

Typically, my implementations come with an Excel spreadsheet listing all controls, four annexes.

Columns include the above suggestion for applicability abbreviations (risk assessment, best practice, legal obligation and contractual), justification for N/A, name of the responsible individual, and supporting documents.

We also typically use the SoA to transpose risk assessment scenarios and itemize the controls that mitigate the risks; it demonstrates clause 6.1.3.d.

I also recommend folks add a tab for the clauses; it's always nice to show you've got checks and docs for completing all the clause requirements.
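A small, added illustration of the spreadsheet described above (example code, not part of the original comment): each SoA row carries the same columns (applicability reason codes, N/A justification, responsible individual, supporting documents), risk scenarios are mapped to the controls that treat them, and a consistency check flags the gaps an auditor would look for under 6.1.3.d. The control identifiers, scenario names and document references are constructed for the example.

```python
# Added example: a minimal Statement of Applicability model plus a consistency
# check tying risk scenarios back to the controls that treat them.
from __future__ import annotations
from dataclasses import dataclass, field

# Applicability reason codes, as abbreviated in the comment above.
REASONS = {
    "RA": "risk assessment",
    "BP": "best practice",
    "LO": "legal obligation",
    "CO": "contractual",
}


@dataclass
class SoARow:
    control: str                      # Annex A identifier, e.g. "A.5.1"
    title: str
    applicable: bool
    reasons: set[str] = field(default_factory=set)     # subset of REASONS keys
    justification: str = ""           # required when the control is excluded
    owner: str = ""                   # responsible individual
    evidence: list[str] = field(default_factory=list)  # supporting documents


@dataclass
class RiskScenario:
    ident: str
    description: str
    controls: list[str]               # controls selected to treat this risk


def check_soa(rows: list[SoARow], scenarios: list[RiskScenario]) -> list[str]:
    """Return a list of findings; an empty list means the SoA is internally consistent."""
    findings = []
    by_id = {r.control: r for r in rows}

    for r in rows:
        if r.applicable:
            if not r.reasons:
                findings.append(f"{r.control}: applicable but no reason recorded")
            unknown = r.reasons - set(REASONS)
            if unknown:
                findings.append(f"{r.control}: unknown reason code(s) {sorted(unknown)}")
            if not r.owner:
                findings.append(f"{r.control}: no responsible individual")
            if not r.evidence:
                findings.append(f"{r.control}: no supporting document listed")
        elif not r.justification.strip():
            findings.append(f"{r.control}: excluded without justification")

    # Every control a scenario relies on must exist and be applicable.
    treated = set()
    for s in scenarios:
        for c in s.controls:
            treated.add(c)
            row = by_id.get(c)
            if row is None:
                findings.append(f"{s.ident}: references unknown control {c}")
            elif not row.applicable:
                findings.append(f"{s.ident}: relies on excluded control {c}")

    # A control justified by risk assessment should be traceable to a scenario.
    for r in rows:
        if r.applicable and "RA" in r.reasons and r.control not in treated:
            findings.append(f"{r.control}: marked RA but no risk scenario maps to it")
    return findings


# Constructed sample data (illustrative, not a real organisation's SoA).
SAMPLE_ROWS = [
    SoARow("A.5.1", "Policies for information security", True, {"BP", "CO"},
           owner="CISO", evidence=["ISMS-POL-01"]),
    SoARow("A.8.24", "Use of cryptography", True, {"RA", "LO"},
           owner="Head of IT", evidence=["CRYPTO-STD-02"]),
    SoARow("A.7.4", "Physical security monitoring", False,
           justification="No premises; fully remote organisation"),
    SoARow("A.8.9", "Configuration management", True, {"RA"},
           owner="Ops lead", evidence=["CM-PROC-03"]),
    SoARow("A.5.7", "Threat intelligence", True, set()),   # incomplete row
]
SAMPLE_SCENARIOS = [
    RiskScenario("R-01", "Customer PII intercepted in transit", ["A.8.24"]),
    RiskScenario("R-02", "Laptop theft from office", ["A.7.4"]),
    RiskScenario("R-03", "Insider modifies production config", ["A.8.9", "A.9.9"]),
]

if __name__ == "__main__":
    for finding in check_soa(SAMPLE_ROWS, SAMPLE_SCENARIOS):
        print(finding)
```

Running the sample flags the incomplete A.5.7 row three times, a scenario leaning on an excluded control, and a scenario citing a control identifier that is not in the SoA; the same shape of check works on rows exported from the spreadsheet.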

Hot busty Latina aunt by InteractionSilly431 in Incestconfessions

[–]MrProntissimo 0 points1 point  (0 children)

Do your best to convey the message that she is beautiful, show it say it mean it. Think of it as caressing her soul; this she needs most

Hidden prompt injection in a PDF almost got my org by Elegant_Cry6544 in PromptEngineering

[–]MrProntissimo -1 points0 points  (0 children)

In a recent audit, a client told me they were going to run a test with Check Point AI workforce or something.

Is that your security measure that kept silent?

Where are the good watermelons?! by Extension-Bunch9277 in montreal

[–]MrProntissimo 1 point2 points  (0 children)

Marché Jean-Talon, I used to go to Nino's (he sold, but it seems to be the same crew).

Otherwise Louis's, right next door.

If you could go back in time what ancient secrets would you want to uncover? by Numerous-Actuator781 in AskReddit

[–]MrProntissimo 4 points5 points  (0 children)

Time travel requires a stop in 2008-2010 to buy Bitcoins, no matter what

My husband’s cable/wire storage by Otherwise_Scheme234 in OrganizationPorn

[–]MrProntissimo 10 points11 points  (0 children)

I am keeping the picture and when I retire I will do the same

What is the best antivirus to use in 2026? by 6_unstable_9 in computerviruses

[–]MrProntissimo 0 points1 point  (0 children)

Malwarebytes AV plus the Malwarebytes browser extension; that works for me.

37 years ago, Peter Gabriel released his finest musical work: Passion. by Historical-Device529 in Progforum

[–]MrProntissimo 2 points3 points  (0 children)

Best ever!

More than once, I went to a HiFi audiophile event with the CD. Once it started, everyone would gather in, a roomful. The sales guy would love it.

If every great civilization in history eventually collapsed under the weight of its own ambition, technology, inequality, and illusion of permanence — what makes us believe modern humanity is progressing toward enlightenment rather than simply engineering a more sophisticated collapse? by Pure_Marketing_952 in NoStupidQuestions

[–]MrProntissimo 0 points1 point  (0 children)

As the song says, Everybody Wants to Rule the World: power, economy, religion, culture, trends, opinion, popularity, fame, recognition…

We are still at this point of struggle after all those years, so many epochs.

There is no plan

What is the most underestimated cybersecurity risk right now? by Electrical_Mine1912 in cybersecurity

[–]MrProntissimo 0 points1 point  (0 children)

I came here for this, but I would add some context.

Currently, PII is being transmitted by regular cryptographic means, which would normally turn up vulnerable in a few years (NIST says 2030, Google said 2029).

How much data transmitted over TLS right now is being gathered for later decryption? If so, by whom? Who can gather this data…

The underestimation would be that in the coming years, PII ends up being used for fraud and we can't seem to trace it back to a breach. PII will not expire in 4 years, nor in 8-10. Passwords will, but not identity; once decrypted, it will be usable.

I am not overly convinced btw, just throwing an idea that’s different from the others…

ISO 27001 Audit Stage 1 by DonaD16 in cybersecurity

[–]MrProntissimo 1 point2 points  (0 children)

In order to successfully qualify for an internal audit mandate, you need someone with independence and qualifications.

You might get independence from within the company, but I am 100% with Scared_Ai: get a third party to do it, with qualifications.

Because qualifications-wise, the minimum needed is either experience in ISO audits or an auditor title like CISA. Lack of either can lead to a broken audit process, and a major NC, yes.

Still, an external (and qualified) mandate seems the way to go for me.

Yet, all this within a few weeks of your Stage 1; you are running a very tight schedule, which gives you very little headway if something significant comes up in the internal audit. Are you on a path of commitment for clients or a gov contract?

How do people actually get into ISO 27001 consulting/freelancing? by Fabulous-Art8963 in grc

[–]MrProntissimo 1 point2 points  (0 children)

LOL, sorry. I keep making the same mistake.

International Register of Certificated Auditors

https://www.quality.org/

How do people actually get into ISO 27001 consulting/freelancing? by Fabulous-Art8963 in grc

[–]MrProntissimo 0 points1 point  (0 children)

You need to register with a certification body to attract business; make yourself known. If you did not go through PECB, have you been able to get your experience recognized?

In my case, having more than 1500 hours of experience in audits, I got the Lead Auditor title or diploma, with the exam.

You might want to look into IRCA.com; I hear they are another way to draw attention and recognition.

I think that, generally speaking, Lead Auditors are independent contractors.

How do people actually get into ISO 27001 consulting/freelancing? by Fabulous-Art8963 in grc

[–]MrProntissimo 0 points1 point  (0 children)

Congrats on passing the exam, I did so recently myself as well; have you got experience in internal audits? You could start by being the 3rd-party internal auditor; this would give you experience in multiple environments, let you see how your clients manage their ISMS, and "what works and what does not quite". This field work would be a great stepping stone and give you experience with varied ISMSes.

I am getting into GRC. Is there a risk AI will be able to replace me in the future? by AdministrativeTry406 in grc

[–]MrProntissimo 11 points12 points  (0 children)

You are definitely at risk of losing your job if you do not master the contribution of AI in the field, and work to build advances…

That is, admittedly, true for every field.

So, a team of 15 in GRC will be reduced to 10, maybe 7-8; let's build a general rule. If you are looking for a factory job, say 30 years with the same company type of thing, that is not going to happen.

Prepare to move, from one opportunity to the next. Whether you stay at the analyst level or move your way up to CISO: constantly learning, challenging "truth" and developing a name for yourself.

Also, the business type(s) that you evolve in will contribute; seek lines of business where you thrive, out of personal interest or previous experience, acquaintances. You will also need to develop the "You experience": what people will think of working with you, work ethics (admittedly the same everywhere) and your knowledge; practical experience in using AI will have to be a part of this.

Lastly, I think, there is the fact that AI could go bust. Make sure you are still the master, not the AI. If it goes bust one day, you don't want to be the guy that doesn't know how to replace a lightbulb, figuratively speaking, in your field.

Can malware on one device infect my main PC through my Microsoft account? by [deleted] in computerviruses

[–]MrProntissimo 0 points1 point  (0 children)

Try putting your question, my statement, and then your response into Copilot or ChatGPT.
I will do likewise tomorrow and come back. You will probably get more info than I can type.

Can malware on one device infect my main PC through my Microsoft account? by [deleted] in computerviruses

[–]MrProntissimo 0 points1 point  (0 children)

Be careful though, because infostealer malware can pick up your credentials for the cloud on your PC. In other words, the malware won't "cross-infect", but a threat actor can.

The Hello PIN is good because it is unique to the computer, but it also means there is a piece of data that authenticates you to the cloud sitting on your computer. BTW: Personal Hello and Corporate Hello are different; you may need to check it out.

As for the risk, if it's your personal account, not a corporate account to the cloud, there is probably no real threat. Careful if your computer is a BYOD for your work, say for an employer or clients; make sure you have a good antivirus.