
Pitfalls to Avoid: Common Mistakes in the ISO/IEC 27001 & ISO/IEC 27701 Certification Journey

Presented by
Mostafa AlShamy

Mostafa AlShamy is a trainer, assessor, consultant, and later auditor with more than 20 years of experience in GRC and related fields, including but not limited to SMS, ISMS/PIMS, BCMS, RM, data governance, and management.

In the last six years, he has conducted tens of audits on behalf of MSECB over four continents. Through his experience, he has helped many organizations express their commitment to quality and continuous improvement.

Summary

Audit is all about discovering weaknesses and strengths in the audited organizations. An auditor’s job can be easy or difficult, depending on how the auditor manages the relationship with the auditee. It takes a lot of effort to provide accurate comments and conclusions so that the auditee will accept them and move forward with improvements.

This webinar will discuss how to avoid Common Mistakes in the ISO/IEC 27001 & ISO/IEC 27701 Certification Journey.

Join us to learn how to build an ISMS and PIMS that can pass the certification audit easily in one go.

By joining this webinar, you will learn:

  • How to identify and address weaknesses in your ISMS and PIMS.
  • Strategies to streamline the certification process and reduce the risk of audit findings.
  • Best practices for building a solid foundation for conformity with ISO/IEC 27001 and ISO/IEC 27701.
  • How to identify potential pitfalls during an audit.
  • Real-world examples and case studies of successful certification journeys.

Who should attend:

  • Information security and privacy professionals.
  • Compliance and risk management teams.
  • IT and cybersecurity personnel.
  • Executives and decision-makers.
  • Consultancy organizations.
  • Anyone seeking ISO/IEC 27001 & 27701 certification insights.

Summary

On October 10, 2023, Mostafa AlShamy led the webinar entitled “Pitfalls to Avoid: Common Mistakes in the ISO/IEC 27001 & ISO/IEC 27701 Certification Journey.” In the course of this presentation, Mostafa precisely defined the crucial steps in the certification process, placing significant emphasis on the preparatory measures required before the certification audit as well as the requisite post-audit modifications to the Management System (MS). He gave concrete examples to support his points, which helped to clarify the potential problems that businesses should take precautions to avoid.

We extend our sincere gratitude to all participants who submitted questions. It is important to note that, while we were unable to address all inquiries during the live session, we made sure to provide some of the responses in the Webinar Q&A Session below.

For those who missed the live session, we have prepared a recording of the webinar, see below. Check out all the valuable insights and knowledge shared during the session and share the link with colleagues and peers who may benefit from it.

Stay tuned for more exciting webinars in the coming months!


Webinar Q&A Session

1. Can we use FMEA for Risk Assessment?

ISO/IEC 27001 and ISO/IEC 27701 do not require a specific risk assessment/treatment methodology. So, use what suits your organization most.

2. What should an organization do if they decide after a certification audit to include something that was initially excluded from the SoA?

The organization can update the SoA based on the output of the risk assessment and simply inform the auditor in the following audit about the updated version of the SoA and the respective changes.

3. What is your recommendation for the certification journey: can this be done as a task or a project?

The certification journey is a project, as it includes many activities over three years.

4. How can organizations ensure ongoing compliance with ISO 27001 and ISO 27701 after achieving certification, and what are the consequences of failing to do so?

This can be done by having continuous monitoring with clear roles and responsibilities. If ongoing compliance with ISO 27001 and ISO 27701 is not maintained after achieving certification, the certificate can easily be withdrawn by the certification body after a warning.