Free Isms

Writing a SaaS vulnerability management policy using AI

Writing a SaaS vulnerability management policy using AI

Learn the basics of writing simple, ISO-compliant, vulnerability management policies for SaaS companies

A vulnerability management policy is a key component of an Information Security Management System (ISMS). This is especially true for SaaS companies selling cloud products. Before buying such products, customers will seek proof that product security vulnerabilities are consistently managed.

While a vulnerability management policy, on its own, cannot offer bullet proof guarantees, it is still considered a must-have. Any customer needing assurance that proper vulnerability management practices are being followed by suppliers will expect one.

Free SaaS ISMS quickstart

Free SaaS ISMS quickstart

Learn what it takes and what is needed to put together a free ISMS for SaaS companies

To carry out business, today’s SaaS organisations must demonstrate some level of compliance with internationally recognised cybersecurity standards. For SaaS companies, ISO 27001 is the certification that is most requested by customers. Obtaining such certification allows companies to demonstrate a systematic approach to information security supported by a credible commitment to employ best practices and continuously improve.

To obtain the certification companies must put in place an Information Security Management System (ISMS) conforming to the ISO 27001 standard. For SaaS companies, creating a basic ISMS should not require large investments. Knowing how to obtain ISO 27001 efficiently and an understanding of what a minimal implementation looks like is all that is required.

Running rapid risk assessments using Google Gemini and Confluence

Running rapid risk assessments using Google Gemini and Confluence

Need to run a risk assessment for a project or tool? Learn how Gemini and Confluence can help you do it faster

If you work in cybersecurity governance, risk and compliance (GRC), chances are you’ve been asked to run rapid risk assessments. The story is often the same: you are going about your day when suddenly a manager asks you to run a security risk assessment for a new tool or project. Unsurprisingly, deadlines are often tight as everything stops while stakeholders wait for security approval. When this happens, how can we deliver risk assessment as fast as possible?

Build a free ISMS: how to create a great landing page

Build a free ISMS: how to create a great landing page

A landing page is a key part of your ISMS. Learn how to create the perfect one to help your colleagues and auditors

An ISO 27001 Information Security Management System (ISMS) landing page is a resource that provides information about an organisation’s ISMS. It can be used to educate employees about information security, communicate the organisation’s commitment to information security, and demonstrate that the organisation is meeting the requirements of ISO 27001.

Creating a good landing page is not at all complicated: a few simple building blocks are needed and the trick is to know what ISMS pages to include within the different sections of the landing page.