Tag
ISO 27001
ISO 42001 Statement of Applicability and Impact Assessment: Two Errors That Survive Audit Preparation
Organisations building their first ISO/IEC 42001:2023 AI Management System are importing assumptions from ISO 27001 that do not transfer. Two structural errors reach Stage 2 audit preparation uncorrected:…
ISO 27001:2022 Clause 6.1.2: Why Your Carried-Forward Risk Assessment Methodology Is an Audit Liability
ISO 27001:2022 removed asset/threat/vulnerability as a normative prerequisite for risk identification. Organisations that carried their methodology forward without documenting the choice under Clause 6.1.2 now face a Major nonconformity risk at their next audit.
Your ISMS Scope Is Protecting the Wrong Perimeter — and ISO 27001 Auditors Know It
Most ISMS scope statements describe an organisation that existed three migrations ago. Learn why ISO 27001 Clause 4.3 scope failures trigger Stage 2 findings and how to define boundaries that follow information flows, not org charts.