ISO 27001 People Controls

Update: 2025-10-30

Description

In this episode of InfoSec Insider, Jack Woods and Mark O’Kane, both Consultants at URM, take a deep dive into the ‘People’ controls theme in ISO 27001: why these controls matter in today’s hybrid workplaces, how they strengthen information security, and what auditors look for during assessments. Jack and Mark draw upon their extensive experience supporting organisations’ implementation of the Standard to discuss:



  • How to balance the risk of potential insider threats against the downsides of overzealous background checks when implementing pre-employment screening

  • The practical steps you can take to meaningfully enforce people controls beyond generic policies in the context of remote and hybrid work environments

  • How to ensure incident reporting for information security is both mandatory and non-punitive, so employees feel safe to report without fear of reprisal

  • The types of evidence auditors expect to see in a people controls-focused audit

  • The risks that arise when people controls such as training or NDAs are not routinely reviewed/updated as working patterns or staff roles evolve.


Ask Jack and Mark a question: https://urmconsulting.com/podcasts/iso-27001-people-controls


If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider


You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts


Connect with us on LinkedIn


Brought to you by URM, the UK’s leading information and cyber security specialists.

