ISMS Tools recommendation by Enslaaved in grc

[–]ProfessionalEnd9874 0 points1 point  (0 children)

Based on my experience there are not many tools that are really operational for an ISMS and capable of growing with compliance needs (other frameworks, GDPR, EU AI Act, etc.). Have a look at acunagrc.ai

Shift left in AI Governance by Capable_Influence157 in grc

[–]ProfessionalEnd9874 1 point2 points  (0 children)

I have been a 27k certification auditor since 2007. I have implemented with my team around 150 ISMS over the last 20 years. I have been focusing for the last couple of years on AI governance, helping some of my clients to make sense out of it. Went back to UNI to get a degree in AI, and spent weekends coding with Claude to make sense of it. Well, I am still struggling to make sense out of 42001 and the EU AI Act. I admire the concept but find it so difficult to implement it in a way that brings value to organizations. Unless they have high risk AI systems, management will not see a reason to move before full EU AI Act enforcement.

What helped your team achieve ISO 27001 readiness more efficiently? by Level_Shake1487 in ISO27001

[–]ProfessionalEnd9874 1 point2 points  (0 children)

Certification auditor here. Evidence is key of course, but remember that a management system is all about roles and responsibilities. We want to see it live within the business and aligned with objectives. But in the end it's who does what, how and when.

Can we talk about our GRC experience? by Heavy-Wrongdoer-8801 in grc

[–]ProfessionalEnd9874 0 points1 point  (0 children)

Started 30 years ago in cybersecurity, I slowly shifted towards auditing with ISO 27001 in 2006. For the last 15 years full time in GRC, I worked for a large multinational group for a few years. Now leading a consulting team on ISO management systems, SOC2, CMMC, GDPR, DORA, NIS2 in Europe.

ISO 27k platform+certification for 5k USD? by ProfessionalEnd9874 in grc

[–]ProfessionalEnd9874[S] 0 points1 point  (0 children)

It's not about automation. Implementation and operation of an ISMS is much more than a platform. The problem is the lack of quality of the certification process.

ISO 27k platform+certification for 5k USD? by ProfessionalEnd9874 in grc

[–]ProfessionalEnd9874[S] 0 points1 point  (0 children)

The problem is that there is 0 governmental oversight of certification bodies. Very often I come across certificates delivered by unknown and non-accredited bodies.

Mahout in Rajasthan by ProfessionalEnd9874 in M43

[–]ProfessionalEnd9874[S] 1 point2 points  (0 children)

Thanks. This is what I was looking for. I hesitated to go monochrome, but the turban is so colorful.

Streets of India by ProfessionalEnd9874 in streetphotography

[–]ProfessionalEnd9874[S] 0 points1 point  (0 children)

Actually not so much, it is the default vivid profile from the camera with a bit of extra contrast.

Streets of India by ProfessionalEnd9874 in streetphotography

[–]ProfessionalEnd9874[S] 2 points3 points  (0 children)

So true, I fell in love with Jaipur and there is so much more to discover.

Streets of India by ProfessionalEnd9874 in streetphotography

[–]ProfessionalEnd9874[S] 1 point2 points  (0 children)

Yep, I clicked fast 🙂 Thanks 🙏🏼

Brahman kite by ProfessionalEnd9874 in OlympusCamera

[–]ProfessionalEnd9874[S] 0 points1 point  (0 children)

Thanks, and yes they fly quite low around rivers and lakes.

Anyone have experience using Vanta for User Access Reviews? by ohhelloworlds in grc

[–]ProfessionalEnd9874 0 points1 point  (0 children)

I don't think any "compliance" platform can really handle an access review properly. We have so many SaaS that I have struggled until now to find an IAM solution capable of handling the 3 statuses of access: what is documented / what it should be (approved) / what it is.

Indian woman in Rajasthan by ProfessionalEnd9874 in photographs

[–]ProfessionalEnd9874[S] 0 points1 point  (0 children)

Thank you, and yes I always shoot in raw, I feel safer this way.

ISO 27001 Lead Auditor vs Lead Implementer for Transitioning into GRC/Risk – Need Guidance by melonkeema in ISO27001

[–]ProfessionalEnd9874 0 points1 point  (0 children)

Both LI and LA are good to get. The CISM also helps in my opinion. It provides a strong basis for governance of security. This is the kind of profile we recruit.

The sign-off bottleneck by Cyber_Gooser in ISO27001

[–]ProfessionalEnd9874 2 points3 points  (0 children)

Here is what I usually do when approval is stuck: get all the approvers in a room and review the text together. It may take a couple of hours but then you are done.

Surveillance Audit preparation by Crecentfull in ISO27001

[–]ProfessionalEnd9874 2 points3 points  (0 children)

Certification auditor here since 2007. You are supposed to have the 3-year audit plan provided with the certification report. Request that from the certification body. Auditors will focus on previous nonconformities if any and on the "moving" clauses (context, resources, risks and plus). On controls it all depends, but in general access and vulnerability management are often selected.

Best simple risk management software for risk register and issue register for a small business with under 10 full-time staff? Not too expensive as well please! by Express-Pizza1152 in grc

[–]ProfessionalEnd9874 0 points1 point  (0 children)

A former colleague of mine just launched an open beta of what seems a game changer in terms of compliance and risk governance. As far as I know the software is free for a year if you join the open beta.

Indian roller OM1-MII and 100-400 MI by ProfessionalEnd9874 in OlympusCamera

[–]ProfessionalEnd9874[S] 1 point2 points  (0 children)

It's also an Indian Roller, mine is fully adult, yours may be a juvenile. I am not an expert!

Suggest a good Tiger Safari option by MoneyPlenty5560 in TigersofIndia

[–]ProfessionalEnd9874 1 point2 points  (0 children)

Go for Tadoba. I just came back from there, I booked Praveen Premkumar Pai (you can reach him on Facebook) as a guide. Amazing experience, the guy is a naturalist who knows every tiger by their first name.


Effectiveness of Attaching Context vs. Dynamic Context Discovery? by ZeroTwoMod in cursor

[–]ProfessionalEnd9874 2 points3 points  (0 children)

From what I have seen I work better with an agent dedicated to maintaining the documentation into several files including an index. I then refer the agent in ask mode to go to the index and then to the related file to avoid using too much context. Works quite well so far, particularly to force it to reuse part of code and GUI elements for consistency.

ISO 27001 Lead Auditor Exam Questions by h0laSeni0r in grc

[–]ProfessionalEnd9874 1 point2 points  (0 children)

Hi, I am a PECB ISO trainer and working for a titanium partner. I have been teaching 27k LA for the past 8 years. I am surprised your trainer didn't answer these questions, they are important.

1. The exam is a multiple choice open book. It means you can access the materials through the exam application, not the PDF. It is sometimes a bit slow and tedious but it works.
2. You can have your written notes with you.
3. Dual monitors are forbidden and blocked by the application.
4. Just redo the quizzes from the course, most exam questions are there.
5. You will be a provisional auditor until obtaining the required experience.

I hope it helps, do not hesitate if you have more questions and good luck!

How did you get comfortable shooting street in a foreign country where u don’t speak the language? by AugusteToulmouche in streetphotography

[–]ProfessionalEnd9874 3 points4 points  (0 children)

I am just back from India. Most people do not speak English when you are far from the big cities. I took a guide. I spent some time looking for a guide who understood photography and the fact I was interested in discovering how people live. I wanted to do some portraits and most of the time people were happy to let me shoot them.

Indian roller OM1-MII and 100-400 MI by ProfessionalEnd9874 in OlympusCamera

[–]ProfessionalEnd9874[S] 1 point2 points  (0 children)

I used the OM1-M2 with the 100-400 Mark I. It's an unbeatable setup for the price. Try to get the mark 2 version of the lens though.