The ISO Review Podcast


The ISO Review Podcast is a production of SimplifyISO. In each episode, we share the latest International Standards developments, and the show is your resource for getting the most out of your management systems. Your podcast hosts are Howard Fox & Jim Moran. Howard is a Business Coach and Host of the Success InSight Podcast. Jim is an ISO Management System Professional, celebrating 30-plus years delivering ISO support.

  1. ISO 27008: Preparing and Planning for IS Management System Assessments - Clause 8

    1D AGO

    Welcome to the ISO Review Podcast! In this year-end episode, hosts Howard Fox and ISO Management System professional Jim Moran dive into the guiding principles of ISO 27008, focusing on clause 8—the heart of assessing controls for information security. This episode explores the importance of thorough preparation and tailored planning for control assessments, drawing on real-world experience and highlighting the necessity of clear communication, risk-based thinking, and evidence-based decision making. Whether you’re new to ISO 27008 or refining your organization’s approach, you’ll find actionable insights on preparing your team, setting objectives, and understanding the scope and criteria of your audit—all crucial for building confidence in your results.

    DISCUSSION
    00:00 "ISO Review Podcast Highlights"
    05:08 "Preparing for Effective Audits"
    09:45 Audit Preparation and Planning Tips
    12:43 Risk Management and Standards Compliance
    14:33 "Focused Audit and Control Reviews"
    22:03 "Information as an Asset"
    24:34 Flexible Review Process Extension
    30:12 Management Review and Documentation
    31:25 Purposeful, Clear, Evidence-Based Reviews

    NEXT STEPS
    We appreciate your likes, comments, and shares. Click here to visit the SimplifyISO website. Click here to visit the International Management System Institute website and learn how to become a Certified ISO Management System Professional.
    Conformance1's free online Gap Checklists:
    ISO 9001 - https://conformance1.com/iso9001-gap-assessment-register/
    ISO 27001 - https://conformance1.com/iso-27001-gap-checklist-dashboard/
    Learn more about Jim on LinkedIn & YouTube.
    Learn about Howard's Coaching and Podcast Services on his website at https://foxcoaching.com or on LinkedIn at https://www.linkedin.com/in/foxcoachinginc/

    KEYWORDS
    ISO 27008, Information Security Controls, Information Security Management System, ISO Review Podcast, SimplifyISO, Podcast #ISO27008 #InformationSecurityControls #InformationSecurityManagementSystem #ISOReviewPodcast #SimplifyISO #Podcast

    38 min
  2. Assessing ISO 27001 Annex A Controls Using Practical Review Methods from Clause 7 in ISO 27008

    DEC 9

    Welcome to another episode of the ISO Review Podcast, brought to you by Simplify ISO! In this installment, hosts Jim Moran and Howard Fox dive deep into Clause 7 of ISO 27008, unpacking practical review methods for assessing the effectiveness of Annex A controls under ISO 27001. Whether you're an internal auditor looking to sharpen your skills or someone new to information security management, this episode offers invaluable insights into process analysis, documentation reviews, interviews, technical testing, and more. Jim and Howard explore the importance of objectivity, consistency, and tailoring audit methods to an organization’s specific risks and needs. You’ll also hear real-world anecdotes and advice for building rapport, leveraging flowcharts, and achieving meaningful, repeatable assessments that truly protect your data—plus a preview of what’s next as they tee up the next episode’s focus on control assessment methods.

    DISCUSSION
    00:00 ISO 27001 Annex A Assessment
    05:15 "Objectivity and Repeatability in Auditing"
    10:30 "Evaluating and Improving Controls"
    14:25 "Streamlining Audits with Collaboration"
    17:26 Training Effectiveness Needs Review
    19:12 "Effective Auditing Methods"
    23:53 Auditing Controls: Skills and Risks
    27:07 AI Power Risks and Controls
    29:11 Control Verification: Avoiding Risk
    34:09 Advanced Testing Methods Overview
    38:05 ISO Podcast: Clause Reviews & Resources

    NEXT STEPS
    We appreciate your likes, comments, and shares. Click here to visit the SimplifyISO website. Click here to visit the International Management System Institute website and learn how to become a Certified ISO Management System Professional.
    Conformance1's free online Gap Checklists:
    ISO 9001 - https://conformance1.com/iso9001-gap-assessment-register/
    ISO 27001 - https://conformance1.com/iso-27001-gap-checklist-dashboard/
    Learn more about Jim on LinkedIn & YouTube.
    Learn about Howard's Coaching and Podcast Services on his website at https://foxcoaching.com or on LinkedIn at https://www.linkedin.com/in/foxcoachinginc/

    KEYWORDS
    ISO 27008, Information Security Controls, Information Security Management System, ISO Review Podcast, SimplifyISO, Podcast #ISO27008 #InformationSecurityControls #InformationSecurityManagementSystem #ISOReviewPodcast #SimplifyISO #Podcast

    40 min
  3. Understanding ISO 27008: Effective Methods for Auditing Information Security Management Controls

    NOV 25

    Welcome back to another episode of the ISO Review Podcast, brought to you by Simplify ISO! This week, Howard Fox and Jim Moran kick off a brand new series diving deep into the world of ISO/IEC 27008—the essential guidelines for assessing information security controls. In today’s episode, we set the stage by exploring the structure and background of ISO 27008, including its key sections and practical annexes for technical and cloud service assessments. Jim emphasizes the need for competent auditors, objective assessments, and documented improvements that drive real value for organizations—reminding us that having procedures is not enough; they must be properly implemented and continually improved. Whether you’re a newcomer to ISO management systems or a seasoned pro, this series is designed to help you make sense of technical control assessments, understand compliance requirements, and ensure you’re protecting client, supplier, and employee information to the highest standards. As always, you’ll find links to resources and ways to connect with Jim and Howard in the show notes. Grab your coffee, settle in, and get ready for a foundational look at information security management!

    DISCUSSION
    00:00 Understanding ISO 27008 Assessments
    05:58 "Information Security Control Overview"
    07:24 "Effective Implementation of Controls"
    12:39 "Ensuring Objective Audit Practices"
    16:40 Ensuring Effective Security Assessments
    18:10 ISO 27001 Implementation Insight
    21:45 Prioritizing Information Security Risk Mitigation
    25:56 Integrated Management System Audit
    31:04 "ISO Review Podcast Updates"

    NEXT STEPS
    We appreciate your likes, comments, and shares. Click here to visit the SimplifyISO website. Click here to visit the International Management System Institute website and learn how to become a Certified ISO Management System Professional.
    Conformance1's free online Gap Checklists:
    ISO 9001 - https://conformance1.com/iso9001-gap-assessment-register/
    ISO 27001 - https://conformance1.com/iso-27001-gap-checklist-dashboard/
    Learn more about Jim on LinkedIn & YouTube.
    Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, Inc.

    KEYWORDS
    ISO 27008, Information Security Controls, Information Security Management System, ISO Review Podcast, SimplifyISO, Podcast #ISO27008 #InformationSecurityControls #InformationSecurityManagementSystem #ISOReviewPodcast #SimplifyISO #Podcast

    32 min
  4. How to Assess Information Security Controls Using ISO 27008: Process, Scope, and Criteria

    NOV 4

    Welcome back to another episode of the ISO Review Podcast, brought to you by Simplify ISO! This week, Jim Moran and Howard Fox dive deep into the essentials of assessing information security controls in line with ISO 27008. Building on last week’s introduction, Jim Moran shares his expertise, highlighting the critical steps in reviewing and auditing controls from Annex A of ISO 27001, gathering evidence, and ensuring objectivity through well-structured assessment methodologies. Whether you’re running a large organization or a small business, you’ll find practical tips for planning effective audits, resourcing your team, and leveraging checklists and flowcharts to enhance information security. Tune in for a comprehensive overview, actionable advice, and real-world examples designed to help you get the most out of your management systems and stay ahead in the ever-challenging world of information security.

    DISCUSSION
    00:00 Information Security Control Assessments
    05:00 "Assessment Tips and Tools"
    07:17 Checklist Methodology and Evidence Gathering
    12:38 Cybersecurity Auditing & Penetration Testing
    15:19 Privacy Compliance in Home Care
    18:33 ISO 27002 Training Importance
    23:24 Auditor Roles and System Strengthening
    24:58 Audit Purpose: Beyond Procedure Compliance
    29:33 "Linking Risk to Audit Results"
    33:09 ISO Podcast Episode Wrap-Up

    NEXT STEPS
    We appreciate your likes, comments, and shares. Click here to visit the SimplifyISO website. Click here to visit the International Management System Institute website and learn how to become a Certified ISO Management System Professional.
    Conformance1's free online Gap Checklists:
    ISO 9001 - https://conformance1.com/iso9001-gap-assessment-register/
    ISO 27001 - https://conformance1.com/iso-27001-gap-checklist-dashboard/
    Learn more about Jim on LinkedIn & YouTube.
    Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, Inc.

    KEYWORDS
    ISO 27008, Information Security Controls, Information Security Management System, ISO Review Podcast, SimplifyISO, Podcast #ISO27008 #InformationSecurityControls #InformationSecurityManagementSystem #ISOReviewPodcast #SimplifyISO #Podcast

    35 min
  5. Leveraging AI Tools for Effective ISO 9001 Risk Analysis and Audit Preparation

    NOV 4

    Welcome back to another insightful episode of the ISO Review Podcast, brought to you by Simplify ISO! This week, Jim and Howard dive deeper into the intersection of artificial intelligence and ISO risk management, building on their previous discussion. With Jim sharing wisdom from over three decades in ISO support, and Howard adding his expertise with AI tools, the conversation explores practical ways organizations can leverage AI to streamline ISO 9001 processes—especially when it comes to identifying, analyzing, and mitigating risks.

    DISCUSSION
    00:00 AI & Risk Management Insights
    05:23 "ISO 9001: Context & SWOT Guide"
    06:51 Home Health Care SWOT Analysis
    13:13 "Determining ISO 9001 Risks"
    14:28 Risk Assessment and Mitigation Strategies
    18:19 Risk Determination and ISO 31000
    23:04 "Checklist for Safer Operations"
    28:12 AI Enhancing Risk Assessment Expertise
    30:09 Using AI for Webinar Creation

    NEXT STEPS
    We appreciate your likes, comments, and shares. Click here to visit the SimplifyISO website. Click here to visit the International Management System Institute website and learn how to become a Certified ISO Management System Professional.
    Conformance1's free online Gap Checklists:
    ISO 9001 - https://conformance1.com/iso9001-gap-assessment-register/
    ISO 27001 - https://conformance1.com/iso-27001-gap-checklist-dashboard/
    Learn more about Jim on LinkedIn & YouTube.
    Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, Inc.

    KEYWORDS
    Artificial Intelligence, AI, SWOT Analysis, Information Security Management System, ISO Review Podcast, SimplifyISO, Podcast #ArtificialIntelligence #AI #SWOTAnalysis #InformationSecurityManagementSystem #ISOReviewPodcast #SimplifyISO #Podcast

    35 min
  6. Using Artificial Intelligence to Strengthen Risk Identification in Your ISO Management Systems

    OCT 7

    Welcome back to the ISO Review Podcast, your trusted resource for the latest in international standards and maximizing your management systems. In this episode, hosts Jim and Howard dive into one of the most requested topics in the ISO world: risk and opportunity management. Jim draws from his 33 years of experience to share practical strategies for strengthening risk identification, sharpening evaluation tools, and, most importantly, embedding risk awareness deep into your organization’s culture. The conversation takes a timely turn by exploring how artificial intelligence can supercharge your ISO management system, from streamlining risk analysis to making the most of your internal audits. Jim offers actionable tips, real-life examples, and even introduces techniques like flowcharting and the PESTLE analysis for a fresh perspective on spotting potential pitfalls and unlocking hidden opportunities.

    DISCUSSION
    00:00 Strengthening Risk and Opportunity Management
    04:18 Embedding Risk in Internal Audits
    10:27 Balancing Risks with Opportunities
    13:19 "Everyone Manages Risk"
    15:23 The Complexity of Small Changes
    21:02 Risk Mitigation: Remove, Replace, Reduce
    22:14 Flowchart-Driven Risk Management
    27:01 AI's Impact on Risk Identification
    28:40 Podcast Wrap-Up and Resources

    NEXT STEPS
    We appreciate your likes, comments, and shares. Click here to visit the SimplifyISO website. Click here to visit the International Management System Institute website and learn how to become a Certified ISO Management System Professional.
    Conformance1's free online Gap Checklists:
    ISO 9001 - https://conformance1.com/iso9001-gap-assessment-register/
    ISO 27001 - https://conformance1.com/iso-27001-gap-checklist-dashboard/
    Learn more about Jim on LinkedIn & YouTube.
    Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, Inc.

    KEYWORDS
    Artificial Intelligence, AI, PESTLE analysis, Information Security Management System, ISO Review Podcast, SimplifyISO #ArtificialIntelligence #AI #PESTLEanalysis #InformationSecurityManagementSystem #ISOReviewPodcast #SimplifyISO

    MUSIC
    Think Different by Scott Holmes Music - https://scottholmesmusic.com

    30 min
  7. Sneak Peek at the ISO 9001 Draft Update: Changes, Clarifications, and Industry Impact

    SEP 23

    Click here to learn about our new DIY ISO 9001 program using AI.

    Welcome to the ISO Review Podcast. In this episode, Jim and Howard chat about the upcoming changes to ISO 9001, offering listeners an exclusive sneak peek at the new Draft International Standard set to shape quality management systems worldwide.

    DISCUSSION
    00:00 Global Reach of ISO 9001
    05:55 ISO 9001 Update Preview
    07:01 ISO Draft to International Standard Process
    12:42 Quality Management Standards Differentiation
    14:56 Distinguishing Risks and Opportunities Guidance
    17:46 Focus on ISO Standards Clause 8
    23:24 Internal Audit Program Essentials
    26:12 "Streamlining ISO for Cost Efficiency"
    32:59 "Podcast Wrap-Up and Links"

    NEXT STEPS
    Please follow us on your preferred podcast directory. We appreciate your likes, comments, and shares. Click here to visit the SimplifyISO website. Click here to visit the International Management System Institute website and learn how to become a Certified ISO Management System Professional.
    Click here to get Conformance1's free online Gap Checklists:
    ISO 9001 - https://conformance1.com/iso9001-gap-assessment-register/
    ISO 27001 - https://conformance1.com/iso-27001-gap-checklist-dashboard/
    Learn more about Jim on LinkedIn & YouTube.
    Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, Inc.

    KEYWORDS
    ISO 9001, Information Security, DIY ISO, AI Prompts, Online Forms, ISO Certification, SimplifyISO, ISO Review Podcast #ISO9001 #InformationSecurity #DIYISO #AIPrompts #OnlineForms #ISOCertification #SimplifyISO #ISOReviewPodcast

    MUSIC CREDIT
    108 52nd Street Music by TOOONE from Pixabay

    34 min
  8. Enhancing Information Security Management Systems with AI

    SEP 1

    Click here to learn about our new DIY ISO 9001 program using AI.

    Welcome back to the ISO Review Podcast. In this episode, hosts Jim Moran and Howard Fox are joined by special guest Dejan Kosutic, CEO of Advisera. Dejan is a renowned cybersecurity expert for ISO 27001. He is passionate about making compliance accessible. Dejan and Jim discuss how to use Artificial Intelligence (AI) to enhance your Information Security Management System (ISMS).

    DISCUSSION
    AI and ISO 27001: Use cases for integrating AI into ISO 27001 compliance and information security.
    AI Accessibility: It’s now much easier for non-experts to build AI-based tools internally due to simplified technology.
    Security Concerns: Privacy and accuracy as major concerns when using AI for information security.
    The Changing Role of Security Professionals: AI will allow consultants and security managers to focus less on routine tasks and more on managing change and people.
    Change Management: Resistance to change within organizations and how AI might reduce this resistance by personalizing and democratizing information.
    AI for Learning and Development: AI can personalize training and generate relevant educational content for employees at different levels.
    Human Oversight: With AI producing vast amounts of information, Jim emphasized the importance of curating and interpreting this data.
    Career Development and AI: Dan mentioned that junior consultants are now able to advance much more quickly using AI, but that entry-level tasks are disappearing.
    Future-Proofing Your Career: Both Jim and Dan agreed that embracing AI is essential to staying relevant.

    NEXT STEPS
    We appreciate your likes, comments, and shares. Click here to visit the SimplifyISO website. Click here to visit the International Management System Institute website and learn how to become a Certified ISO Management System Professional.
    Conformance1's free online Gap Checklists:
    ISO 9001 - https://conformance1.com/iso9001-gap-assessment-register/
    ISO 27001 - https://conformance1.com/iso-27001-gap-checklist-dashboard/
    Learn more about Jim on LinkedIn & YouTube.
    Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, Inc.
    Click here to learn more about Dejan Kosutic:
    Advisera: https://advisera.com/
    LinkedIn: https://www.linkedin.com/in/dejankosutic/
    YouTube: https://www.youtube.com/@DejanKosutic

    KEYWORDS
    Dejan Kosutic, Advisera, Information Security Management System, ISO Review Podcast, SimplifyISO #DejanKosutic #Advisera #InformationSecurityManagementSystem #ISOReviewPodcast #SimplifyISO

    MUSIC
    Think Different by Scott Holmes Music - https://scottholmesmusic.com

    34 min
