Measuring Information Security Effectiveness

December 30th, 2016


You simply can’t be too careful when it comes to information security. Protecting personal records and commercially sensitive information is critical. But how can you tell that your ISO/IEC 27001 information security management system (ISMS) is making a difference? A new ISO/IEC International Standard can help you out.

The recently updated ISO/IEC 27004:2016, Information technology – Security techniques – Information security management – Monitoring, measurement, analysis and evaluation, provides guidance on how to assess the performance of ISO/IEC 27001. It explains how to develop and operate measurement processes, and how to assess and report the results of a set of information security metrics.

ISO/IEC 27004:2016 shows how to construct an information security measurement programme, how to select what to measure, and how to operate the necessary measurement processes. It includes extensive examples of different types of measures, and how the effectiveness of these measures can be assessed.

Among the many benefits to organizations of using ISO/IEC 27004 are:

  • Increased accountability
  • Improved information security performance and ISMS processes
  • Evidence of meeting requirements of ISO/IEC 27001, as well as applicable laws, rules and regulations

ISO/IEC 27004:2016 replaces the 2009 edition; it has been updated and extended to align with the revised version of ISO/IEC 27001 to provide organizations with greater added value and confidence. For more information visit the website.

ISO 9001:2015 for Small Business

November 21st, 2016

ISO’s essential guide for small enterprises wishing to implement a quality management system (QMS) has just been updated, providing practical advice and concrete examples tailored specifically for small businesses.

The handbook was written by a group of experts from ISO/TC 176/SC 2, the technical subcommittee that developed ISO 9001:2015, and features useful information on everything from how to get started right through to guidance for those who choose to seek certification. It includes practical advice on the different ways of approaching a quality management system (QMS) as well as detailed guidance on each element of the ISO 9001:2015 Standard. The handbook offers tailored advice to help small businesses implement a quality management system that can truly be useful and can help them improve their overall business performance.

ISO 9001 is one of the world’s most widely used quality management system standards, with over one million organizations certified to it in over 170 countries around the world.

ISO 9001:2015 for Small Businesses – What to do? is available for purchase from the ISO Store.


ISO management system standards continue global growth trend

October 22nd, 2016



The 2015 results of the ISO Survey have just been released, showing the number of certifications to ISO management system standards continues to rise worldwide. According to the results of the survey, a total of 1,519,952 valid certificates were reported worldwide in 2015 across nine management system standards, compared to 1,476,504 the previous year – an increase of 3%.

ISO’s most widely used management system standards, ISO 9001 for quality management and ISO 14001 for environmental management, remain popular with 1,033,936 and 319,324 certificates respectively.

The ISO Survey is an annual survey of valid certifications to our management system standards issued by accredited certification bodies worldwide. It is the most comprehensive overview of certifications to these standards currently available. ISO does not perform certification, therefore these results rely on the responses of some of the world’s largest certification bodies.

View the executive summary and full results on the ISO Survey page.

Engaging Employees: Big Companies Need the Most Improvement

September 20th, 2016


When it comes to how engaged employees are with their companies, organization size matters. Employees who work for larger companies with more than 1,000 workers report lower levels of engagement than those who work for smaller firms with fewer than 1,000 employees. The engagement gap widens for employees who work for companies with more than 5,000 workers, as these individuals report lower average results on nearly all of Gallup’s engagement items than in firms with fewer than 1,000 employees.

Gallup analysis shows that the 1,000-employee mark seems to be the tipping point for declining engagement with a company. When an organization reaches this size, a smaller percentage of employees strongly agree that they have the opportunity to do what they do best every day and that their organization’s mission or purpose makes them feel their job is important. A smaller percentage also strongly agree that they have the materials and equipment to do their job right and that they have opportunities at work to learn and grow.

Here are some steps larger companies can take to boost engagement in their workforce:

  • Establish effective feedback systems
  • Create opportunities for employees to learn and grow
  • Take advantage of regular check-ins

Visit the Gallup website for more detailed information on this important study. Well worth the look!