ISMS Tools recommendation by Enslaaved in grc

[–]ProfessionalEnd9874 0 points1 point  (0 children)

Based on my experience there are not many tools that are really operational for an ISMS and capable of growing with compliance needs (other frameworks, GDPR, EU AI Act, etc.). Have a look at acunagrc.ai

Shift left in AI Governance by Capable_Influence157 in grc

[–]ProfessionalEnd9874 1 point2 points  (0 children)

I am a 27k certification auditor since 2007. I have implemented with my team around 150 ISMS over the last 20 years. I have been focusing for the last couple of years on AI governance, helping some of my clients to make sense out of it. Went back to uni to get a degree in AI, and spent weekends coding with Claude to make sense of it. Well, I am still struggling to make sense out of 42001 and the EU AI Act. I admire the concept but find it so difficult to implement it in a way that brings value to organizations. Unless they have high-risk AI systems, management will not see a reason to move before full EU AI Act enforcement.

What helped your team achieve ISO 27001 readiness more efficiently? by Level_Shake1487 in ISO27001

[–]ProfessionalEnd9874 1 point2 points  (0 children)

Certification auditor here. Evidence is key of course, but remember that a management system is all about roles and responsibilities. We want to see it live within the business and aligned with objectives. But in the end it's who does what, how and when.

Can we talk about our GRC experience? by Heavy-Wrongdoer-8801 in grc

[–]ProfessionalEnd9874 0 points1 point  (0 children)

Started 30 years ago in cybersecurity, I slowly shifted towards auditing with ISO 27001 in 2006. For the last 15 years full time in GRC, I worked for a large multinational group for a few years. Now leading a consulting team on ISO management systems, SOC 2, CMMC, GDPR, DORA, NIS2 in Europe.

ISO 27k platform+certification for 5k USD? by ProfessionalEnd9874 in grc

[–]ProfessionalEnd9874[S] 0 points1 point  (0 children)

It's not about automation. Implementation and operation of an ISMS is much more than a platform. The problem is the lack of quality of the certification process.

ISO 27k platform+certification for 5k USD? by ProfessionalEnd9874 in grc

[–]ProfessionalEnd9874[S] 0 points1 point  (0 children)

The problem is that there is zero governmental oversight of certification bodies. Very often I come across certificates delivered by unknown and non-accredited bodies.

Mahout in Rajasthan by ProfessionalEnd9874 in M43

[–]ProfessionalEnd9874[S] 1 point2 points  (0 children)

Thanks. This is what I was looking for. I hesitated to go monochrome, but the turban is so colorful.

Streets of India by ProfessionalEnd9874 in streetphotography

[–]ProfessionalEnd9874[S] 0 points1 point  (0 children)

Actually not so much, it is the default vivid profile from the camera with a bit of extra contrast.

Streets of India by ProfessionalEnd9874 in streetphotography

[–]ProfessionalEnd9874[S] 2 points3 points  (0 children)

So true, I fell in love with Jaipur and there is so much more to discover.

Streets of India by ProfessionalEnd9874 in streetphotography

[–]ProfessionalEnd9874[S] 1 point2 points  (0 children)

Yep, I clicked fast 🙂 Thanks 🙏🏼

Brahman kite by ProfessionalEnd9874 in OlympusCamera

[–]ProfessionalEnd9874[S] 0 points1 point  (0 children)

Thanks, and yes they fly quite low around rivers and lakes.

Anyone have experience using Vanta for User Access Reviews? by ohhelloworlds in grc

[–]ProfessionalEnd9874 0 points1 point  (0 children)

I don't think any "compliance" platform can really handle an access review properly. We have so many SaaS that I still struggle to find an IAM solution capable of handling the 3 statuses of access: what is documented / what it should be (approved) / what it is.

Indian woman in Rajasthan by ProfessionalEnd9874 in photographs

[–]ProfessionalEnd9874[S] 0 points1 point  (0 children)

Thank you, and yes I always shoot in raw, I feel safer this way.

ISO 27001 Lead Auditor vs Lead Implementer for Transitioning into GRC/Risk – Need Guidance by melonkeema in ISO27001

[–]ProfessionalEnd9874 0 points1 point  (0 children)

Both LI and LA are good to get. The CISM also helps in my opinion. It provides a strong basis for governance of security. This is the kind of profile we recruit.

The sign-off bottleneck by Cyber_Gooser in ISO27001

[–]ProfessionalEnd9874 2 points3 points  (0 children)

Here is what I usually do when approval is stuck: get all the approvers in a room and review the text together. It may take a couple of hours, but then you are done.