CYBERINFO

Methodology

Overview

This site is a reference for the ISO/IEC 27001:2022 framework, built to make the certification easier to understand and apply.

Purpose

My inspiration for this project came from a previous role where I worked with the Microsoft 365 App Compliance Program. It was the first time I came across certification documentation that showed what compliant evidence actually looks like, with real examples, for free.

I use Microsoft 365 throughout this site for the implementation examples I provide for each control, because it is what I know best, but the security principles apply regardless of the vendor. Secure authentication, encryption, and logging: the goal is the same no matter what platform you are working with.

This project also uses artificial intelligence as part of the workflow. I use it to help with translation and web design.

Legal Disclaimer

This site is intended to share my knowledge in cybersecurity. The content reflects my professional experience and does not replace legal advice in any way. The templates and documents provided are for informational purposes only. I do not guarantee their accuracy or that they meet the specific needs of your organization.

As cybersecurity regulations and standards are constantly evolving, these templates may require updates to reflect changes in applicable laws, regulatory frameworks, or best practices. I disclaim all liability for any errors, omissions, or consequences arising from their use.