ISO - Periodic checks

Project Overview

What is ISO 27001 and ISO 27001 certification: A brief explanation

What ISO 27001 standard is and how it is connected to ISO 27001 certification.

  • ISO 27001 is an international standard on information security that is recognised around the world. Its main goal is to ensure that information is available only to authorised individuals (confidentiality), can be changed only by them (integrity), and is accessible when it is needed (availability).
  • ISO 27001 provides a framework for businesses of any size or industry to set up an effective and reliable system to manage their information security (an Information Security Management System, or ISMS). The standard consists of clauses that set out the requirements and a set of rules referred to as "controls" (listed in Annex A) that your ISMS should implement.
  • Businesses that set up an ISMS according to the requirements outlined in the ISO 27001 standard can obtain ISO 27001 certification. (In short, this means that your ISMS has been given the stamp of approval by an independent certifying body.)
  • ISO 27001 certification follows a three-year cycle: an initial certification audit by an external assessor, surveillance audits by the external assessor in years one and two after certification, and a recertification audit by the external assessor in year three. Throughout the cycle, an internal audit must be carried out every year.

Engagement Hub and ISO27001

Information security and privacy have become a key challenge for small business owners to overcome, and clients are increasingly involving their IT teams in procurement. Engagement Hub has decided that obtaining ISO 27001 certification will help us demonstrate to clients that we have an information security system in line with international standards, giving them peace of mind that our systems and the data they collect are organised and protected against current and emerging threats. To achieve this, we will:

  • process and store information securely,
  • set up a system to manage information security risks, and
  • allocate dedicated resources to focus on information security.

This page is designed to collect and store the information necessary to maintain our ISMS (Information Security Management System) and to assist with audits by maintaining a record of the work we are doing to maintain security and privacy.

Some tasks will be sent on a regular basis and others will be ad hoc as required. Each will have a deadline, so please respond by that date or make arrangements if this cannot be achieved.

The News/Blogs widget has been set up as a repository of interesting information to keep you up to date (and your email inboxes clear), and to support the more formal training that will be a core part of our ISO 27001 process. Please note that we would like you to log in with your work email when you use this site so that we have a record of the work being done.

For more information on this page or specific requests, please contact Kate Woodbridge or Gillian Woolley on ...

  • Security Training - AI 2025

    Hi all,

    As part of our ISO27001 accreditation, we have started rolling out training in information security. A fully comprehensive training program including all our policies and procedures will become available later this year. Until then, we have all been completing the short e-courses provided by Council of Small Business Organisations of Australia (CyberWarden) and courses in Privacy from the Office of the Australian Information Commissioner.

    Cyberwardens have just released Cyberwardens Level 2, all about Safe Artificial Intelligence for small business.

    Would you please complete the course sometime in the next month and, when completed, upload a copy of your certificate by 18 August 2025. (If this conflicts with your other priorities, please let me know and we can make arrangements.)

    Details of the course can be found in our News/Blogs here, or you can go directly to the CyberWardens page here.

    Thank you and best wishes

    Gillian

  • Password updates July 2025

    Hi all,

    There was a major breach last week with over 16 million pieces of new data. The experts are unsure exactly what is in it, but the recommendation is to ensure your security. Please update the following passwords:

    • Google
    • Facebook
    • Instagram
    • Apple

    When selecting the password:

    • Select strong, unique passwords that are not reused across multiple platforms
    • Consider also adding a passkey which will link to your devices. If you do this I recommend you add multiple devices and have a recovery email. (They are saying that passkeys are now the most secure option but I'm not fully convinced - what if your phone is stolen or missing or broken???).
    • Enable multi-factor authentication (MFA) wherever possible; you can use your work phone or email, or an authenticator app on your phone
    • Closely monitor your accounts
    • Contact customer support in case of any suspicious activity
    • If you think you've been infected, remove all cookies. There have been cases where an existing cookie allows nefarious actors to bypass the changed password/MFA.

    I've updated the work Facebook account and updated the password in the operations manual.

    We will be adding a work password manager in the new financial year. I recommend you start using one (Bitwarden has a free version which I am using at work), and when the new work password manager is activated, you will be able to export your list from Bitwarden and upload it to the paid version we end up using. The new password manager will allow us to have shared access to the accounts we all use and separate accounts for those that we use individually.

    I do recommend that you update your personal accounts as well and use a password manager, enabling MFA for your most important accounts like banks, email, super and myGov-type logins.

    Best wishes

    Gillian
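The cookie point in the message above is worth seeing in code. What follows is an added example, not part of Gillian's message and not code that Engagement Hub or any of the named providers runs: a toy server-side session store (all names hypothetical) showing why a session cookie copied by malware keeps working after the password is changed, and the fix, which is for the server to revoke every live session for the account at the moment the password changes. Password hashing uses PBKDF2 from the standard library so the example runs offline.

```python
import hashlib
import hmac
import os
import secrets


class Account:
    """Hypothetical user record: salted password hash plus the account's live session tokens."""

    def __init__(self, username: str, password: str) -> None:
        self.username = username
        self.salt = b""
        self.password_hash = b""
        self.set_password(password)
        self.sessions: set[str] = set()  # tokens issued to this account

    def _hash(self, password: str) -> bytes:
        # PBKDF2-HMAC-SHA256; the iteration count is illustrative, not a tuned value
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 200_000)

    def set_password(self, password: str) -> None:
        self.salt = os.urandom(16)
        self.password_hash = self._hash(password)

    def check_password(self, password: str) -> bool:
        # constant-time comparison so timing does not leak the hash
        return hmac.compare_digest(self._hash(password), self.password_hash)


class SessionStore:
    """Toy server. revoke_on_change=False is the weak behaviour; True is the fix."""

    def __init__(self, revoke_on_change: bool) -> None:
        self.revoke_on_change = revoke_on_change
        self.accounts: dict[str, Account] = {}
        self.sessions: dict[str, str] = {}  # session token -> username

    def register(self, username: str, password: str) -> None:
        self.accounts[username] = Account(username, password)

    def login(self, username: str, password: str):
        acct = self.accounts.get(username)
        if acct is None or not acct.check_password(password):
            return None
        token = secrets.token_urlsafe(32)  # this is the value a browser stores as the cookie
        self.sessions[token] = username
        acct.sessions.add(token)
        return token

    def whoami(self, token: str):
        # what a request presenting this cookie is treated as; None means "logged out"
        return self.sessions.get(token)

    def change_password(self, username: str, old: str, new: str) -> bool:
        acct = self.accounts.get(username)
        if acct is None or not acct.check_password(old):
            return False
        acct.set_password(new)
        if self.revoke_on_change:
            # the fix: every token issued before the change stops working, including
            # the copy an infostealer may already have exfiltrated
            for token in acct.sessions:
                self.sessions.pop(token, None)
            acct.sessions.clear()
        return True


def stolen_cookie_after_password_change(revoke_on_change: bool):
    """Return who the server thinks a stolen cookie belongs to after the password changed."""
    store = SessionStore(revoke_on_change)
    store.register("alice", "correct horse battery staple")
    stolen = store.login("alice", "correct horse battery staple")  # malware copies this cookie
    assert store.change_password("alice", "correct horse battery staple", "new-unique-passphrase")
    assert store.login("alice", "correct horse battery staple") is None  # old password is dead
    return store.whoami(stolen)  # "alice" if sessions survive, None if they were revoked


if __name__ == "__main__":
    print("no revocation:", stolen_cookie_after_password_change(False))
    print("revoke on change:", stolen_cookie_after_password_change(True))
```

Note the asymmetry this shows: deleting cookies in your own browser does not remove the copy an attacker already holds, so the action that actually helps is the provider invalidating every session server-side. Google, Facebook, Instagram and Apple all expose this as a "sign out of all devices" or "manage devices" option on the account security page, and it is worth using it at the same time as changing the password and enabling MFA.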