Lifu Technologies - Blog #ISO 27001Lifu Technologies - Blog #ISO 27001https://www.lifutechnologies.co.za/blogs/tag/iso-27001Thu, 16 Apr 2026 13:32:15 -0700http://zoho.com/sites/<![CDATA[Get over it – you will be hacked: confronting and preparing for the reality of cyberattacks]]>https://www.lifutechnologies.co.za/blogs/post/Get-over-it-–-you-will-be-hackedThe inevitability of cyberattacks is a stark reality in today’s digital landscape. With 3,205 reported data compromises in the US in 2023, representing a 72% increase over 2021[1] , businesses must acknowledge that cyber risk is on the rise.]]>

It was a pleasure presenting to the Berne Union about Cyber Security and the potential impact to Credit Risks

The full post is here :

]]>Tue, 30 Jul 2024 10:16:17 +0200<![CDATA[CoBIT 5, ITIL V3, ISO 27001  Information Security Management System and ISO 9001 Quality Management System]]>https://www.lifutechnologies.co.za/blogs/post/cobit-5-itil-v3-iso-27001-information-security-management-system-and-iso-9001-quality-management-sysCoBIT 5, ITIL V3, ISO 27001 – Information Security Management System and ISO 9001 Quality Management System]]>

LIFU Technologies is delighted to share that Glenard O'Moore has joined us to offer certification services like ISO 27001 and 9001. Glenard has also been appointed CISO for Lifu Technologies.

Glenard has more than 15 years’ experience in implementing and Auditing “Best Practice” Frameworks, and Standards such as CoBIT 5, ITIL V3, ISO 27001 – Information Security Management System and ISO 9001 Quality Management System

Qualifications:

Certified ITIL Expert

Certified CoBIT Assessor

Certified ISO 27001 Lead Auditor

Certified ISO 9001 Lead Auditor

DevOps Practioner


References include: 

Implementation of ITIL in the Ministry of Finance and Office of the Prime Minister in Namibia where 16 Government Employees were trained and Certified as ITIL Experts


Establishment of GRC in accordance with Public Service Administration in Namibia


In collaboration with DD Limpopo, establishment of DPSA CGICT defined Core Practices at the then, newly established Collins Chabane Local Municipality


Implementation of ISO 27001 Information Security Management for QR-Connect in the Netherlands and Zafehouze ApS in Denmark.

Get Started Now
]]>Fri, 26 Jan 2024 12:45:51 +0200<![CDATA[What is the difference between ISO 27001 and SOC?]]>https://www.lifutechnologies.co.za/blogs/post/cobit-5-itil-v3-iso-27001-information-security-management-system-and-iso-9001-quality-management-sys1

ISO 27001 is the Standard that establishes requirements for an Information Security Management System (ISMS), a set of practices to define, implement, operate, and improve information security.

 

While SOC refers to a set of audit reports to evidence the level of Conformity of Information Security Controls’ design and operation against a set of defined criteria (TSC),

Comparison between ISO 27001:2022 and SOC

 

ISO 27001:2022 Revision defines requirements and Controls for the systematic Protection of Information, including PII which are Applicable to Organizations/Entities of any size across Industries that require Compliance with the Standard.

 

The Information Security Management System (ISMS), defined in Clauses 4 through 10 of the Standard, provides Directives to Organizations/Entities as to provide Guidance to ensure its Security Compliance are aligned with identified/adopted objectives and outcomes (eradication/mitigation of Threats as a result of incidents, operational optimization, etc.), predicated upon an EFFECTIVE Risk Management approach.

 

What is the relationship between ISO 27001:2022 and SOC?

 

ISO 27001 has at a minimum the following controls that can be used to comply with the Trust Services Criteria:


 

ISO 27001 vs SOC

 

It is not a question of whether ISO 27001 vs. SOC 2, as SOC is an Audit report, while ISO 27001 is a Standard to establish an Information Security Management System (ISMS)

 

Hence SOC can be considered as an output, delivered by an ISO 27001 ISMS Implementation.

 

In effect the appropriate relationship between ISO 27001 and SOC is as follows:

 

1.ISO 27001 Certification is not Mandatory to create an SOC report

 

2.The ISMS can provide, without major additional cost and effort, a solid basis for preparing this report, whilst increasing Clients/Customers’ confidence that the Organization can Protect their Information/Data.

 

What is the difference between ISO 27001 and SOC?

 

ISO 27001 is the Standard that establishes requirements for an Information Security Management System (ISMS), a set of practices to define, implement, operate, and improve information security.

 

While SOC refers to a set of audit reports to evidence the level of Conformity of Information Security Controls’ design and operation against a set of defined criteria (TSC),

 

Definition. 

 

ISO 27001 is a Standard that establishes requirements for an Information Security Management System (ISMS).

 

SOC refers to a set of audit reports to evidence the level of conformity to a set of defined criteria (TSC),

 

Applicability by industry. 

 

ISO 27001 – for Organizations of any size or industry.

 

SOC 2 – for Service Organizations from any industry,

 

Compliance. 

 

ISO 27001 is certified by ISO certification body.

 

SOC 2 is attested by a licensed Certified Public Accountant (CPA),

 

What are the Objectives?

 

ISO 27001 – to define, implement, operate, control, and improve overall security.

 

SOC 2 is intended to prove Security level of Systems against static principles and criteria

.

Get Started Now
]]>Fri, 26 Jan 2024 12:45:51 +0200<![CDATA[ISO 27001 - NIST - CoBIT - Integrated Framework Model]]>https://www.lifutechnologies.co.za/blogs/post/ISO-27001-NIST-CoBIT-Integrated-Framework-Modelamely ISO 27001, the leading ISO standard for Information Security Management; COBIT, an IT management and Governance Framework; and NIST SP 800 series, a set of documents published by the United States government iro IT Technology Security, to which ISO 62443 (IoT) will be added]]>

Executive Summary

The increase in concern among businesses and customers about protecting their information has led to more complex security requirements, many times involving the integration of multiple approaches.

In turn, modern information security implementation projects have become even more challenging, especially information technology processes.

And, when we talk about integrating approaches, it is not a question of simply creating a single list of what each approach requires and implementing them, but rather to coordinate these requirements, through trade-offs between conflicting objectives and alternatives, and by reinforcing the common ones, so that the implemented requirements can meet the expected overall outcomes.

Therefore, before ensuring compliance with requirements, it is paramount to consider a process of integrating security practices into business activities, but strange as it may seem, there are not many readily available materials regarding integrating practices.

Our approach embraces the three areas, namely ISO 27001, the leading ISO standard for Information Security Management; COBIT, an IT management and Governance Framework; and NIST SP 800 series, a set of documents published by the United States government iro IT Technology Security, to which ISO 62443 (IoT) will be added

We will present their similarities and differences, and how they can be used together during an information security implementation project to improve information protection.


The Paper is written by Glenard O'Moore, CISO of Lifu Technologies and certified auditor on various standards

Read the paper
]]>Wed, 10 Jan 2024 12:31:28 +0200<![CDATA[CONFORMIO: ISO 27001 Software for Small Businesses]]>https://www.lifutechnologies.co.za/blogs/post/ISO-27001-Software-for-Small-BusinessesConformio was created by the top ISO experts in the world to help you simplify your ISO 27001 compliance effort. We have automated the documentation effort and wrapped it in a step-by-step process to make it easy and fast to obtain your certification.]]>

Reduce the Overhead of Certification | Developed by Top Industry Experts

Conformio was created by the top ISO experts in the world to help you simplify your ISO 27001 compliance effort. We have automated the documentation effort and wrapped it in a step-by-step process to make it easy and fast to obtain your certification. Whether you are new to the standard or a seasoned professional, Conformio lowers your overhead to get certified without an issue.


Free trail available - follow the link below

Get Started Now
]]>Thu, 29 Jun 2023 14:51:42 +0200<![CDATA[Four key benefits of ISO 27001:2022 implementation]]>https://www.lifutechnologies.co.za/blogs/post/four-key-benefits-of-iso-27001-2022-implementationActually, you shouldn’t blame them – after all, their ultimate responsibility is the profitability of the company. That means their every decision is ]]>

Have you ever tried to convince your management to fund the implementation of information security? If you have, you probably know how it feels – they will ask you how much it costs, and if it sounds too expensive, they will say no.



Actually, you shouldn’t blame them – after all, their ultimate responsibility is the profitability of the company. That means their every decision is based on the balance between investment and benefit, or to put it in management’s language – ROI (return on investment).

This means you have to do your homework first before trying to propose such an investment – think carefully about how to present the benefits, using language the management will understand and will endorse.

I’ll help you – the benefits of information security, especially the implementation of ISO 27001:2022, are numerous. But in my experience, the following four are the most important:

1) Compliance

It might seem odd to list this as the first benefit, but it often shows the quickest “return on investment” – if a company must comply with various regulations regarding data protection, privacy, and IT governance (particularly if it is a financial, health, or government organization), then ISO 27001 can bring in the methodology that enables it to do so in the most efficient way.

Even more important, if an existing customer asks you to comply with ISO 27001, then you need to comply with the standard to keep the client.

2) Marketing edge

In a market that is more and more competitive, it is sometimes very difficult to find something that will differentiate you in the eyes of potential customers. ISO 27001 could be a unique selling point that can set you apart from your competitors, especially if new clients want their data to be treated with great care.

3) Lowering the expenses

Information security is usually considered as a cost with no obvious financial gain. However, there is financial gain if you lower your expenses caused by incidents. You probably do have interruptions in service, or occasional data leakage, or disgruntled employees. Or disgruntled former employees.

To be honest, there is still no methodology and/or technology to calculate how much money you could save if you prevented such incidents. But it always sounds good if you bring such cases to management’s attention.

4) Bringing order to your business

This one is probably the most underrated – if you are a company that has been growing rapidly for the last few years, you might experience problems like – who has to decide what, who is responsible for certain information assets, who has to authorize access to information systems, etc. ISO 27001 is particularly good in sorting these things out – it will force you to define roles and responsibilities very precisely, and therefore strengthen your internal organization.


To conclude – ISO 27001 could bring in many benefits besides being just another certificate on your wall. In most cases, if you present those benefits in a clear way, the management will start listening to you.




Read on how Conformio can help you implement ISO 27001
]]>Thu, 29 Jun 2023 14:36:51 +0200