-
Eye on
CYBER SECURITY
Cyber4Z in short
Cyber4Z started in 2015 with two specialists experienced in the cybersecurity domain. We now have a team with various capabilities in the field of strategic and tactical design of cyber security, IT, Privacy and Blockchain technology.
In addition, we are involved in technical and tactical implementations of complex security challenges that focus on the acceptance of new technologies in a pragmatic way. With our expertise and experience, we can guarantee the business objectives of our clients. These are widely determined by laws and regulations, customer requirements and rules of compliance.
Who are we?
Our team consists of certified professionals. Quality is our top priority. The technical and tactical implementations we deliver from the strategic design can be externally certified against the ISO9001, ISO27001, NEN7510 or other standards. Therewith we can have our quality tested externally as well. In addition, we provide operational knowledge when it comes to technical security assessments such as penetration tests, project management, SOC / SIEM propositions with connecting services such as log management, vulnerability and compliance management, patch management, training in the field of privacy, security and blockchain technology.
More about Cyber4ZOur clients
Monthly Cybernote: September 2023
The ISO 27001 audit is complete, now what?
After completing an ISO 27001 audit, there may be some findings that need to be addressed according to the audit report. This step-by-step guide will help you deal with it in a structured way after completing the audit process.
Step 1: Check your recommendation status
Your certification auditor will summarize the outcome of its findings according to one of three statuses: Recommended, Recommended in the development of the action plan and Not Recommended. If the audit report states that a recommendation is given, you can go directly to the last step of this list.
Step 2 - Check your discrepancies
The first thing to do is determine the severity of your discrepancies. There are three primary categories of nonconformity, often referred to as nonconformity:
- Major Non-conformity: This is the category you don't want to fall into. You will be hit with a major non-conformity if your auditor cannot identify risk mitigation procedures that conform to ISO 27001 standards.
- Minor Nonconformity: This means that your auditor has confirmed that an ISO 27001-specific risk mitigation procedure is in place, but that it is not effective or not properly implemented.
- Opportunity for Improvement (OFI): This is when your audit identifies processes that, once improved, will increase the efficiency of ISO 27001 risk management(s). OFIs are recommended improvement actions and are not mandatory.
Step 3 - Have a corrective action plan
Failure to achieve ISO 27001 certification does not mean you need to redesign your audit plans and Information Security Management System (ISMS). As mentioned earlier, your external auditor will issue a 'Recommended' advice when the findings have been sufficiently resolved. For any nonconformity, you must provide your auditor with an action plan outlining how it will be addressed. This so-called Corrective Action Plan must usually be submitted within 14 days of receipt of the final report. Evidence that your corrective action plan has been implemented must be provided within 30 days, including proof that it has been resolved.
Step 4 - Start preparing for your recertification
The ISO 27001 certificate has been received, congratulations! Your recertification is only three years away, but you should start preparing for a streamlined process now, especially since a small follow-up audit will take place in one year. The following tips can help with a successful recertification: develop a culture of continuous improvement, Implement regular internal ISO 27001 audits, create an audit checklist.