Author: IT Governance Publishing
9
E-book

Establishing an Occupational Health & Safety Management System. A practical guide to implementing ISO 45001 for better occupational health and safety

IT Governance Publishing, Naeem Sadiq

This book is designed to guide organizations through the process of establishing an Occupational Health and Safety Management System (OHSMS) based on ISO 45001. It begins by explaining the significance of ISO 45001 and its structure, providing a foundational understanding of the standard's importance in enhancing workplace health and safety. The book focuses on critical topics such as identifying workplace risks, determining legal and other regulatory requirements, and the importance of leadership and worker participation. Each section presents practical strategies and methodologies for building and implementing an effective OHSMS, ensuring a proactive safety culture. Through real-world examples and actionable insights, this book helps professionals navigate the complexities of ISO 45001, ensuring organizations meet compliance standards while fostering a safe and healthy work environment.

10
E-book

EU General Data Protection Regulation (GDPR). An implementation and compliance guide

IT Governance Publishing, IT Governance Privacy Team

This book provides a thorough exploration of the EU General Data Protection Regulation (GDPR). It starts with the core principles of GDPR, explaining its purpose, key concepts, and how it impacts data controllers and processors. The book covers essential features like data subject rights, data processing principles, and privacy compliance frameworks. It also explores the role of the Data Protection Officer (DPO) and the importance of conducting data protection impact assessments (DPIAs).

Focusing on practical implementation, the book highlights the need for robust information security measures to meet GDPR standards. It provides actionable advice on best practices, including managing data breaches, ensuring lawful consent, and processing subject access requests. The guide also addresses the complexities of international data transfers in line with GDPR requirements.

Finally, the book outlines GDPR enforcement mechanisms, detailing the powers of supervisory authorities and the steps to demonstrate compliance. This resource offers organizations a comprehensive roadmap to align with GDPR, laying the groundwork for effective data protection and compliance.

11
E-book

Information Security Risk Management for ISO 27001/ISO 27002. A Practical Guide to Risk, Assessment, and Control Selection Aligned with ISO Standards

IT Governance Publishing, Alan Calder, Steve G Watkins

This guide navigates through the essential processes of risk management within an ISO 27001/27002 framework. Beginning with foundational principles and methodologies, it systematically details every stage from assessment and analysis to treatment and review. Readers will learn how to apply both qualitative and quantitative techniques to measure impact, likelihood, and risk levels accurately.

The book provides clarity on roles, policies, asset classification, and control selection, reinforced by practical tools like gap analysis and risk assessment software. Real-world scenarios and methodologies are contextualized for effective decision-making aligned with international compliance standards.

By the end, readers will possess a comprehensive understanding of implementing and sustaining a risk management system that meets ISO 27001/27002 requirements, enabling them to better safeguard information assets and demonstrate regulatory accountability.

12
E-book

Integrated Measurement - KPIs and Metrics for ITSM. A narrative account

IT Governance Publishing, Daniel McLean

This book is a comprehensive guide to understanding and utilizing Key Performance Indicators (KPIs) and metrics in IT Service Management (ITSM). It starts by breaking down complex concepts into easy-to-understand ideas, ensuring even beginners can grasp the essentials of measuring IT service performance. Early chapters introduce foundational principles, helping readers recognize why KPIs matter and how they contribute to operational success.

As the book progresses, it delves into the application of these metrics to optimize ITSM processes, offering strategies to tackle challenges in data collection and analysis. The text emphasizes how to identify meaningful data amidst the noise and use it to drive informed decisions. Each chapter builds on practical insights, guiding professionals through the nuances of ITSM measurement and performance enhancement.

By the end, readers will have a clear understanding of how to leverage KPIs to achieve measurable improvements, create data-driven strategies, and foster a culture of continuous improvement in their organizations. With real-world examples and actionable advice, this book equips IT professionals with the tools necessary to measure success and elevate their IT service management practices.

13
E-book

ISO 14001 Step by Step. A comprehensive guide to implementing ISO 14001 environmental management standards

IT Governance Publishing, Naeem Sadiq, Asif Hayat Khan

This book offers a thorough walk-through of the ISO 14001 standard, providing practical guidance on meeting its requirements. It includes clear explanations, examples, and sample procedures to help readers understand and apply environmental management principles. By following this guide, businesses can develop effective environmental policies, measure and monitor environmental performance, and continuously improve their management systems to align with sustainability goals. The book covers everything from emergency preparedness to internal audits and management reviews. It also provides tools such as sample procedures for identifying environmental aspects, ensuring regulatory compliance, and controlling documented information. Each chapter is designed to help organizations not only achieve ISO 14001 certification but also foster a long-term commitment to sustainable environmental practices.

14
E-book

ISO 22301:2019 and business continuity management. Understand how to plan, implement and enhance a business continuity management system (BCMS)

IT Governance Publishing, Alan Calder

This book offers an in-depth exploration of ISO 22301:2019 and its role in business continuity management. It begins by explaining the standards and their importance for building resilience against disruptions. Readers will learn the core principles of ISO 22301, including the PDCA (Plan-Do-Check-Act) cycle, leadership responsibilities, and the integration with other management systems.

As the book progresses, readers will delve into key aspects of creating an effective business continuity plan, such as context analysis, identifying stakeholders, conducting risk assessments, and establishing support systems. Practical strategies are provided to help readers optimize business continuity solutions and incorporate them into their operations, ensuring preparedness for unforeseen risks.

The book also examines methods for evaluating and continuously improving continuity plans. In the final chapters, readers are guided through the process of ISO 22301 certification, offering a clear path to securing certification and enhancing organizational resilience.

15
E-book

ISO 27001 Controls. Mastering ISO 27001: A Step-by-Step Guide to Effective Implementation and Auditing

IT Governance Publishing, Bridget Kenyon

This guide offers a comprehensive approach to implementing and auditing ISO 27001 controls, providing clear steps for establishing a robust Information Security Management System (ISMS). It is designed to help organizations navigate the complexities of meeting international security standards while ensuring the protection of sensitive information. The book covers every aspect of ISO/IEC 27001, from the foundational principles to practical applications of organizational, physical, and technological controls.

Each chapter is carefully structured to explain the implementation of specific controls, focusing on real-world scenarios and offering actionable advice for security professionals. With detailed instructions and clear examples, readers will gain a deep understanding of the ISO 27001 framework and how to align their organizations with best practices. In addition to control implementation, the book emphasizes ongoing compliance and risk management strategies. It highlights critical areas such as incident management, supplier relationships, and data protection, ensuring readers can address security challenges at all levels. Whether new to ISO 27001 or looking to refine an existing ISMS, this book provides the tools necessary for successful information security management and compliance auditing.

16
E-book

ISO 27001/ISO 27002. A guide to information security management systems

IT Governance Publishing, Alan Calder

This comprehensive guide demystifies the ISO 27001 and ISO 27002 standards, offering a clear roadmap to understanding, implementing, and managing an Information Security Management System (ISMS). It begins with foundational concepts, a history of ISO 27001, and introduces the ISO 27000 family. The book proceeds to cover the PDCA cycle, Annex SL structure, and the significance of "shall" vs. "should" in compliance language.

Core chapters walk through ISO 27001's clauses and requirements, from organizational context and leadership to performance evaluation and continual improvement. Annex A's security controls are explored in detail, linking theory with practical application. ISO 27002 is also thoroughly reviewed to offer guidance on selecting and implementing appropriate controls.

By the end of the book, readers gain a strong understanding of ISMS design, certification processes, and control mapping. This resource supports IT managers, compliance officers, and auditors seeking to align with international security standards.