ITIL 4 — IT Service Management
What is ITIL? ITIL (Information Technology Infrastructure Library) is the world’s most widely adopted IT service management (ITSM) framework. Originally developed by the UK government in the 1980s, ITIL provides a practical, flexible framework for aligning IT services with the needs of the business. It has been adopted by organisations in over 180 countries and […]
ISO 42001
What is ISO 42001? ISO/IEC 42001:2023 is the world’s first international standard for Artificial Intelligence Management Systems (AIMS). Published in December 2023, it provides a framework for organisations to responsibly develop, deploy and use AI systems. Similar in structure to ISO 27001 (information security) and ISO 9001 (quality management), ISO 42001 enables organisations to demonstrate […]
ISO 27799 — Health Informatics Security
What is ISO 27799? ISO 27799:2016 is an international standard that provides guidance on implementing ISO 27002 controls specifically within the health informatics sector. It addresses the particular information security requirements of health organisations — including the protection of personal health information (PHI) in electronic form. While HIPAA addresses US-specific legal requirements for health data, […]
ISO 27002:2022
What is ISO 27002? ISO/IEC 27002:2022 is the companion standard to ISO 27001 — while ISO 27001 defines the requirements for an Information Security Management System (ISMS), ISO 27002 provides detailed guidance on the implementation of the Annex A controls. Think of ISO 27001 as the what and ISO 27002 as the how. ISO 27002 […]
CIS Controls v8
What is the Center for Internet Security? The Center for Internet Security (CIS) is a non-profit organisation founded in 2000 that develops best practices for securing IT systems and data. CIS is best known for two products — the CIS Controls (a prioritised set of cybersecurity actions) and the CIS Benchmarks (detailed configuration guidelines for […]
COSO Internal Control Framework
What is COSO? The Committee of Sponsoring Organisations of the Treadway Commission (COSO) is a joint initiative of five major professional accounting and finance organisations — the American Accounting Association, AICPA, Financial Executives International, the Institute of Management Accountants, and the Institute of Internal Auditors. Established in 1985 to study fraudulent financial reporting, COSO has […]
CSA Cloud Controls Matrix (CCM) v4
What is the Cloud Security Alliance? The Cloud Security Alliance (CSA) is a non-profit organisation founded in 2008 with a mission to promote the use of best practices for providing security assurance within cloud computing. With tens of thousands of individual members and hundreds of corporate members worldwide, CSA is the world’s leading organisation dedicated […]
COBIT 2019
What is COBIT? COBIT (Control Objectives for Information and Related Technologies) is a framework developed by ISACA for IT governance and management. First published in 1996, COBIT provides organisations with a comprehensive set of tools, models and best practices to bridge the gap between business requirements, technical issues and control risks. It is the leading […]
PCI DSS v4.0
What is PCI DSS? The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements designed to ensure that all organisations that accept, process, store or transmit credit card information maintain a secure environment. It was created to protect cardholders from fraud and data breaches and applies to any organisation that […]
ISO 27001:2022
What is ISO? The International Organization for Standardization (ISO) is an independent, non-governmental international body founded in 1947. With members from 167 countries, ISO develops and publishes international standards covering almost every industry — from technology and manufacturing to food safety and healthcare. In information security, ISO is the most globally recognised standards body outside […]