2025-04-26, Seminar Room 1
In the dark shadowy depths of auditing, you can see a plethora of nonconformities lurking - relentless, chaotic and recurring. Time and time again, these common pitfalls can catch companies off guard, undermining their Information Security Management System (ISMS). Whether you're an auditor, implementer or just a curious soul looking to unravel the mysteries of an ISMS, we'll take a look at the top five nonconformities (personally rated by me) and more importantly, the best mitigations and methods you can employ to prevent these devious traps from recurring!
An Information Security Management System (ISMS) is the backbone of an organisation's approach to tackling information security. The most widely known ISMS framework, lauded through the Halls of Compliance, is ISO27001. You've probably heard of it!
The ISMS is there to provide a structured approach to protecting organisational and client data in a way that is best suited to the business's needs. Some businesses may have an ISMS to generally improve their information security; others may implement one for tendering purposes. Though most have a general understanding of what is required, many misinterpret, overlook or outright miss areas that could result in the very foundations of the ISMS crumbling and cracking.
"But what are these areas that are so often missed?" I hear you cry. An excellent question!
In this talk, I will uncover the five most common nonconformities I've encountered during my four-year tenure as an ISO27001 Lead Auditor, and how to effectively remediate them. Though the talk will primarily be focused on ISO27001, the knowledge gained can still be applied to any ISMS, regardless of the framework.
So come along, learn from these experiences and improve your own ISMS - or, if you're an auditor or implementer, further deepen your knowledge!
2 - Need some foundational knowledge of Cyber Security