Note: This post is written with a lot of help from AI, used to summarize the standards mentioned below. Artificial intelligence (AI) is reshaping industries, but it also brings new risks. From security vulnerabilities to compliance challenges, organizations must…
Category: Sorin Mustaca’s blog
Policy vs Standard vs Procedure: why, what, how
Ever wondered what the differences between these terms are? We use them in GRC very often, but we rarely think what they mean. This creates in time some stretching of these concepts, meaning that their meanings overlap to a certain…
Comparing Annex A in ISO/IEC 27001:2013 vs. ISO/IEC 27001:2022
I wrote ages ago this article, where I compared briefly the Annex A in the two versions of the standard: https://www.sorinmustaca.com/annex-a-of-iso-27001-2022-explained/ But, I feel that there is still need to detail a bit the changes, especially that now more and…