Tag

Certification Process

Process flow linking risk assessment, risk tier, control intensity, due diligence, monitoring, and evidence
Audit Preparation May 1, 2026 6 min read
ISO 37001 “Reasonable and Proportionate”: Why Uniform Controls Fail the Standard’s Own Test
Quick Answer: ISO 37001:2025 requires every anti-bribery control to be calibrated to documented bribery risk — not applied uniformly. “Reasonable and proportionate” is a design instruction: risk assessment…
ISO 27001 risk assessment methodology documentation gap between 2013 and 2022 editions
Audit Preparation Apr 22, 2026 6 min read
ISO 27001:2022 Clause 6.1.2: Why Your Carried-Forward Risk Assessment Methodology Is an Audit Liability
ISO 27001:2022 removed asset/threat/vulnerability as a normative prerequisite for risk identification. Organisations that carried their methodology forward without documenting the choice under Clause 6.1.2 now face a Major nonconformity risk at their next audit.
Risk-based internal audit programme workflow showing frequency calibration against process risk data
Audit Preparation Apr 3, 2026 10 min read
Your Internal Audit Programme Isn’t Risk-Based — And ISO 9001’s Revision Will Prove It
Most ISO 9001 audit programmes run fixed-rotation schedules with no risk-based frequency rationale. ISO DIS 9001:2025 adds defined per-audit objectives — exposing the structural gap. Here's how to rebuild before transition.
Governing body reviewing anti-bribery function direct reporting evidence
Implementation Guides Feb 26, 2026 6 min read
How ISO 37001:2025 Catches Anti-Bribery Function Independence Failures
ISO 37001:2025 requires the anti-bribery function to operate with structural independence and direct governing body access. Most organisations' reporting lines create a nonconformity under Clause 5.3.2 — here's how to identify and fix the gap before transition audit.