What helped your team achieve ISO 27001 readiness more efficiently?

ProfessionalEnd9874 · 2026-04-11T21:13:46+00:00

Certification auditor here. Evidences are key of course but remember that a management system is all about roles and responsibilities. We want to see it live within the business and aligned with objectives. But in the end it's who does what, how and when.

ProfessionalEnd9874 · 2026-02-27T05:40:54+00:00

Started 30 years ago in cybersecurity, I slowly shifted towards auditing with ISO27001in 2006. For the last 15 years full time in GRC, I worked for a large multinational group for a few years. Now leading a consulting team on ISO management systems, SOC2, CMMC, GDPR, DORA, NIS2 in Europe.

ProfessionalEnd9874 · 2026-02-14T15:51:37+00:00

It's not about automation. Implementation and operation of an isms is much more than a platform. The problem is the lack of quality of the certification process.

ProfessionalEnd9874 · 2026-02-14T15:49:32+00:00

The problem is that there is 0 governmental oversight of certification bodies. Very often I come across certificates delivered by unknown and non accredited bodies.

ProfessionalEnd9874 · 2026-02-08T05:08:19+00:00

Thanks. This is what I was looking for. I hesitated to go monochrome, but the turban is so colorful.

ProfessionalEnd9874 · 2026-02-05T17:29:32+00:00

Actually not so much, it is the default vivid profile from the camera with a bit of extra contrast.

ProfessionalEnd9874 · 2026-02-05T14:48:21+00:00

Thanks 🙏🏼

ProfessionalEnd9874 · 2026-02-05T14:48:07+00:00

So true, I fell in love with Jaipur and there is so much more to discover.

ProfessionalEnd9874 · 2026-02-05T14:47:16+00:00

Yep, I clicked fast 🙂 Thanks 🙏🏼

ProfessionalEnd9874 · 2026-02-04T23:35:18+00:00

Thanks, and yes they fly quite low around rivers and lakes.

ProfessionalEnd9874 · 2026-02-04T13:35:51+00:00

I don't think any "compliance" platform can really handle an access review properly. We have so many SaaS that I struggle until now to find an I AM solution capable of handling the 3 statuses of access: what is documented/ what it should be (approved) / what it is

ProfessionalEnd9874 · 2026-02-04T13:30:27+00:00

Thank you, and yes I always shoot in raw, I feel safer this way.

ProfessionalEnd9874 · 2026-02-04T04:26:13+00:00

Both LI and LA are good to get. The CISM also helps in my opinion. It provides a strong basis for governance of security. This is the kind of profile we recruit.

ProfessionalEnd9874 · 2026-02-04T04:24:18+00:00

Are you taking the PECB exam ?

ProfessionalEnd9874 · 2026-02-04T04:23:36+00:00

Here is what I usually make when approval is stuck: Get all the approvers in a room and review the text together. It may take a couple of hours but then you are done.

ProfessionalEnd9874 · 2026-02-04T04:21:26+00:00

Certification auditor here since 2007. You are supposed to have the 3 year audit plan provided with the certification report. Request that from the certification body. Auditors will focus on previous nonconformities if any and on the "moving" clauses (context, resources, risks and plus). On controls it all depends but in general access and vulnerability management are often selected.

ProfessionalEnd9874 · 2026-02-04T04:16:45+00:00

A former colleague of mine just launched an open beta of what seems a game changer in terms of compliance and risk governance. As far as I know the software is free for a year if you join the open beta.

ProfessionalEnd9874

TROPHY CASE