Governance
- Jodie Miners
Governance is all about how you manage the risks of your business being online and having an IT system.
ISO 27001 is the international standard, but most small businesses won’t need this.
The Essential 8 by Aust Cyber is a good starting point, but there is even stuff there that is not relevant.
The important thing is to know what is relevant and what is not, and then have good governance around the relevant things and good documentation as to why things are not relevant then check in periodically that things have not changed.
https://www.isms.online/iso-27001/iso27001-statement-applicability-simplified/ to help with what is relevant
https://donesafe.com/ or https://www.usefolio.com/ if you do any audit or risk management in your company, software like this is important.
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager?view=o365-worldwide