https://sgrii.com/2026/04/13/iso-27001-metrics-effectiveness-vs-activity/ 2026-04-13T11:48:52Z SGRII Performance & Digital Solutions en ISO 27001:2022 Your ISMS Dashboard Reports Activity. Your Auditor Will Ask About Effectiveness. These are Different Questions with Difference Evidence Standards 2026-04-13T11:48:35Z Blog https://sgrii.com/2026/04/13/iso-27001-internal-audit-operational-vs-document-audit/ 2026-04-13T11:25:21Z SGRII Performance & Digital Solutions en ISO 27001:2022 Your ISMS Internal Audit Reviewed Documents. A Stage 2 Auditor Will Test Controls. These Are Not The Same Activity And The Gap Between Them Is Where Certification Credibility Lives. 2026-04-13T11:24:52Z Blog https://sgrii.com/2026/04/13/iso-27701-integration-isms-pims-architecture/ 2026-04-13T11:12:51Z SGRII Performance & Digital Solutions en ISO 27001:2022 ISO 27701 Is No Longer an Extension. It is a Standalone Standard. Most Organisations Implementing Both Have Not Absorbed What That Means Architecturally. 2026-04-13T11:12:13Z Blog https://sgrii.com/2026/04/13/iso-27001-corrective-action-root-cause/ 2026-04-13T11:07:22Z SGRII Performance & Digital Solutions en ISO 27001:2025 "Employee Clicked the Phishing Link" Is NOT a Root Cause. It is a Description of What Happened. ISO 27001 Clause 10.2 Requires You to Explain Why the System Allowed It. 2026-04-13T11:06:53Z Blog https://sgrii.com/2026/04/13/iso-27001-risk-assessment-scenario-based-methodology/ 2026-04-13T11:03:37Z SGRII Performance & Digital Solutions en ISO 27001:2022 Your Risk Assessment Identified Risks. It Should Have Identified Risk Scenarios. The Difference Determines Whether Your SoA is Defensible or Decorative. 2026-04-13T11:02:56Z Blog https://sgrii.com/2026/04/13/iso-27001-annex-a6-a7-people-physical-controls-governance/ 2026-04-13T10:53:52Z SGRII Performance & Digital Solutions en ISO 27001:2022 Twenty-Two Controls That Most Implementations Delegate to HR and Facilities. ISO 27001 Delegates Them to Nobody. They are Information Security Controls. 2026-04-13T10:53:12Z Blog https://sgrii.com/2026/04/13/iso-27001-annex-a8-technological-controls-audit-evidence/ 2026-04-13T10:47:21Z SGRII Performance & Digital Solutions en ISO 27001:2022 Thirty-Four Technological Controls. Seven New Since 2022. Stage 2 Auditors Test These Operationally. Most ISMS Programmes are Not Prepared for That Test. 2026-04-13T10:46:22Z Blog https://sgrii.com/2026/04/13/iso-27001-annex-a5-organisational-controls-policy-vs-control/ 2026-04-13T10:40:27Z SGRII Performance & Digital Solutions en ISO 27001:2022 Thirty-Seven Organisational Controls. Three New Since 2022. Most Implementations Treat Them as Policies. The Standard Treats Them as Operational Obligations. 2026-04-13T10:39:49Z Blog https://sgrii.com/2026/04/13/iso-27001-integration-isms-2/ 2026-04-13T10:35:14Z SGRII Performance & Digital Solutions en ISO 27001:2022 Your Statement of Applicability Was Built from Annex A. It Should Have Been Built from Your Risk Register. Here is the Correct Construction Sequence. 2026-04-13T10:33:52Z Blog https://sgrii.com/2026/04/13/iso-27001-integration-isms/ 2026-04-13T10:30:20Z SGRII Performance & Digital Solutions en ISO 27001:2022 Your ISMS Has Seven Clauses and Ninety-Three Controls. Most Certified Systems Treat Them as Independent Components. They Are Not. 2026-04-13T10:29:22Z Blog https://sgrii.com/2026/04/12/iso-27001-clause-9-performance-evaluation-decision-making/ 2026-04-12T06:07:19Z SGRII Performance & Digital Solutions en ISO 27001:2022 Your Management Review Is A Presentation. ISO 27001 Clause 9 Requires It to Be A System Decision Mechanism. These are NOT the Same Thing. 2026-04-12T06:06:39Z Blog https://sgrii.com/2026/04/12/iso-27001-clause-8-operational-control-evidence/ 2026-04-12T06:02:43Z SGRII Performance & Digital Solutions en ISO 27001:2022 Your Risk Treatment Plans Are Not Controls. They are Plans. ISO 27001 Clause 8 Requires Evidence That The Plans Became Operational Reality 2026-04-12T06:02:11Z Blog https://sgrii.com/2026/04/12/iso-27001-clause-7-support/ 2026-04-12T05:53:05Z SGRII Performance & Digital Solutions en ISO 27001:2022 Awareness Training is Not Competence. ISO 27001 Clause 7 Requires Both - With Different Evidence Standards for Each. 2026-04-12T05:52:13Z Blog https://sgrii.com/2026/04/12/iso-27001-clause-6-risk-soa-traceability/ 2026-04-12T05:48:12Z SGRII Performance & Digital Solutions en ISO 27001:2022 Your Statement of Applicability Listed Controls. Your Risk Register Should Have Selected Them. For Most Certified Systems, That Process Ran in Reverse. 2026-04-12T05:46:34Z Blog https://sgrii.com/2026/04/12/iso-27001-clause-5-leadership/ 2026-04-12T05:39:14Z SGRII Performance & Digital Solutions en ISO 27001:2022 Signing the Information Security Policy Is Administration. ISO 27001 Clause 5 Requires Leadership. Most Boards Cannot Provide the Difference on Evidence. 2026-04-12T05:38:29Z Blog