Control

Having seen yet another comment on social media this morning along the lines of "I'm petrified that the certification auditor will raise a nonconformity if we don't adopt specific Annex A controls", I've added an ISO27k FAQ under the assurance section . This is one of the most frequent of F requently A sked Q uestions, a frustratingly persistent concern relating to the natural anxieties about being audited. I've been audited. I've been an auditor. Audits are challenging,

I'm intrigued by the notion of 'adversaries' being classed and treated as 'stakeholders' for risk management purposes. Adversaries' interests, concerns, requirements and expectations are (on the whole) diametrically opposed to the organisation's and its more conventional stakeholders. However, as with all stakeholders ( e.g . owners, workers, partners, suppliers, customers, authorities, communities, society ...), they are willing to invest in achieving the outcomes they desir