Introduction ISO/IEC 27001:2015 (ISO 27001) certification is becoming more of a conversation in most major businesses in the United States. To provide some depth, there was a 20% increase in ISO 27001 certificates maintained globally (comparing the numbers from 2014 to 2015 as noted in the recent ISO survey). As for North America, there was a 78% growth rate in ISO 27001 certificates maintained, compared to those in North America in 2014. So it is clear evidence that the compliance effort known as ISO 27001 is making its imprint on organizations in the United States. However, it’s just the beginning. Globally, there are 27,563 ISO 27001 certificates maintained, of which only 1247 are maintained in the United States; that is 4.5% of all ISO 27001 certificates.

As the world becomes increasingly digital, governments around the world are taking measures to ensure the safety and security of their citizens' data.

"Even when clouds grow thick, the sun still pours its light earthward."

When it comes to ISO 27001, implementing a holistic information security management system (ISMS) in order to meet the standard is difficult—particularly where the internal audit requirement is concerned. As an experienced ISO Certification Body, we consistently hear feedback that the internal audit function is a particularly tricky part of the ISO 27001 standard.

Ever moved somewhere new? It’s a big life change, and of course, it’s important you pack all your belongings and get them moved to your new spot. But it’s not just your stuff that you need to account for—you’ll also be looking for a new local doctor to trust with your medical history, a new mechanic to trust with your car, etc.

Ever seen one of those cheesy romcoms where the protagonist realizes the right person for them has been in front of their eyes the whole time? Maybe they were just friends before, maybe they ran in different circles, or maybe they were distracted by other people. But then circumstances align and what previously wasn’t even a possibility they realize is precisely the right path.

Today, after much anticipation, ISO announced that ISO/IEC 27001:2022 has officially been published. Ever since ISO/IEC 27002:2022 was published in February of this year, the industry has waited for this—that includes Schellman.

If you’ve ever been in a car with someone who takes a speedbump anywhere above 10mph, at the time, you’ve probably thought, “didn’t you see that coming?!” Or maybe, “why didn’t they avoid that giant bump in the road?”