What is Risk?

What is risk? There’s a lot of research into all types of risk, but in my experience most people and organisations don’t completely grasp the concept. In this article, I will try to cut through the jargon and “businesslese” (the formal and technical language of business governance documents) and answer […]

BIA – How to Structure the Resource Analysis for a Business Impact Analysis

One of the processes within a Business Continuity Management System (BCMS) is the development of a Business Impact Analysis (BIA). I have seen several companies struggle with this process and this concept. In this article, I will explain the structure of one of the sections within the BIA process. This structure analyses […]

The ERM Risk Matrix: Modelling Fault

Enterprise Risk Management (ERM) describes a Risk Matrix (ERM Risk Matrix) as a tool for ranking and displaying risks by defining ranges for consequence and likelihood. This is a very easy concept if one knows how to develop matrices, and that is where the catch lies. Over the 35 years in which I have […]

ISO 37301:2021 — Building and Maintaining a Culture of Compliance

In a world of global business activity, meeting requirements and complying with applicable laws is becoming an increasingly complex endeavour. The demand on business enterprises to behave in step with the law is increasing. In this light, stakeholders are more aware of regulations and their requirements, and expect organizations to ensure compliance along the […]

Migrating from ISO 19600:2014 to ISO 37301:2021

What is a Compliance Management System (CMS)? For organizations seeking growth and long-term success, adhering to compliance obligations is not an option; it is a must. Failing to comply with laws and regulations could mean losing millions in fines or, worse, damaging the organization’s reputation in the global marketplace. ISO 37301:2021 is a Type A management system standard […]

Incident Management as a Requirement of ISO 18788

What is ISO 18788? ISO 18788 specifies the requirements and provides guidance for organizations that conduct or contract security operations. Moreover, it provides a framework for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a Security Operations Management System. It enables the continual development of security services while ensuring customer safety and respect for human rights. […]

Business Continuity: From a Best Practice to a Priority Objective

The COVID-19 pandemic has changed the global business environment. Across the various approaches taken around the world to managing the pandemic, we witnessed lockdown regulations, businesses that had to make difficult decisions about cash flow, retrenchment of staff and placing people on furlough and, in severe cases, the closing down of businesses. Some […]

Corruption, Corruption, Bribery, Bribery: The Non-Violent Killer of a Society

COVID-19 has brought hardship to millions of people across the world. In an article I wrote for PECB’s PECB Insights Magazine, I addressed Business Continuity, Risk Bearing Capacity (RBC) and Cloud Security. Today I am going to address Bribery and Corruption. These two issues are dear to my heart, […]

International Medical Devices Industry: FDA to Transition to ISO 13485

The U.S. Food and Drug Administration has announced that it will transition to ISO 13485:2016 after conducting a comparative analysis between that standard and the current Quality System Regulation (QSR). In an official update from the FDA in December 2018, the reasons for and benefits of implementing ISO 13485 as the benchmark for quality management system […]

A Beginner’s Guide to Network Segregation

Network segregation divides a network into smaller parts called subnetworks or network segments, so that traffic between segments has to cross a controlled boundary. You can think of it as the division of rooms when constructing a new house. The most important things to spend time thinking about in this case are the spacing and positioning […]
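To make the "rooms and doors" idea concrete, here is an added example that is not part of the original article or of any CAA material: a small Python model of segregated segments with a default-deny allow-list between them. The segment names, address ranges, ports and sample flows are all constructed for this illustration and do not describe a real network.

```python
"""Added example (not from the original article): network segregation modelled
as named segments ("rooms") plus an explicit allow-list of permitted flows
("doors"). Every address range and flow below is constructed for illustration."""
import ipaddress
from typing import Optional, Set, Tuple

# Constructed segments, one per "room" in the house analogy.
SEGMENTS = {
    "corp_users": ipaddress.ip_network("10.10.0.0/16"),
    "web_dmz": ipaddress.ip_network("10.20.0.0/24"),
    "db_backend": ipaddress.ip_network("10.30.0.0/24"),
    "management": ipaddress.ip_network("10.40.0.0/24"),
}

# Explicit allow-list of (source segment, destination segment, destination TCP port).
# Anything not listed is denied: that default-deny stance between segments is
# what makes segregation worth doing.
ALLOWED_FLOWS: Set[Tuple[str, str, int]] = {
    ("corp_users", "web_dmz", 443),    # users reach the web tier over HTTPS only
    ("web_dmz", "db_backend", 5432),   # web tier talks to the database port only
    ("management", "web_dmz", 22),     # admins SSH into the DMZ
    ("management", "db_backend", 22),  # admins SSH into the database tier
}


def segment_of(ip: str) -> Optional[str]:
    """Return the name of the segment containing ip, or None if it is unassigned."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def flow_allowed(src_ip: str, dst_ip: str, dst_port: int) -> bool:
    """Decide whether a new connection may cross a segment boundary."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False  # unknown address on either side: deny
    if src == dst:
        return True  # same segment: no boundary is crossed
    return (src, dst, dst_port) in ALLOWED_FLOWS


def sources_that_reach(dst_segment: str) -> Set[str]:
    """Blast-radius view: which segments may open any connection into dst_segment?"""
    return {src for (src, dst, _port) in ALLOWED_FLOWS if dst == dst_segment}


def evaluate(flows):
    """Evaluate a batch of (src_ip, dst_ip, dst_port) tuples into (flow, verdict) pairs."""
    return [(flow, flow_allowed(*flow)) for flow in flows]


if __name__ == "__main__":
    # Constructed sample flows for the demonstration.
    sample_flows = [
        ("10.10.5.5", "10.20.0.10", 443),    # user -> web over HTTPS: allowed
        ("10.10.5.5", "10.30.0.10", 5432),   # user -> database directly: denied
        ("10.20.0.10", "10.30.0.10", 5432),  # web -> database: allowed
        ("10.20.0.10", "10.10.5.5", 445),    # compromised DMZ host -> corp SMB: denied
        ("192.168.1.1", "10.20.0.10", 443),  # unassigned address: denied
    ]
    for flow, verdict in evaluate(sample_flows):
        print(f"{flow[0]:>13} -> {flow[1]:>11}:{flow[2]:<5} {'ALLOW' if verdict else 'DENY'}")
    print("segments that can reach db_backend:", sorted(sources_that_reach("db_backend")))
```

The point of the model is the last function: once the boundaries are explicit, you can ask which segments could ever reach the database tier, which is the question an attacker asks after compromising one host and the question the "spacing and positioning" of segments should be designed around. A real deployment enforces the same table with firewall or VLAN ACLs rather than Python.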

Data Controller VS. Data Processor and ISO/IEC 27701

The popularity of the terms “data controller” and “data processor” has sharply increased in recent years, in part because of the significant increase in data breach scandals involving tech giants, and in part because of the unprecedented media attention given to the enactment of data privacy regimes (such as the EU General […]

ISO 31000:2018-Risk Management Guidelines

The ability to predict what the future holds and to choose effectively among varying alternatives lies at the centre of contemporary societies and organizations. Risk management guidelines can help us navigate a broad range of decision-making processes, from making investment decisions to safeguarding our health, from waging war to planning families, from paying insurance premiums […]

ISO/IEC 27001 Certification Provides Concrete Benefits

Corporate data breach reports constantly make new headlines, reminding us that our information is less secure now than it has ever been. In 2015, data breaches, cybercrime and hacking were top business issues that garnered much media attention and compromised the integrity of many companies. According to research, no industry […]

ISO 22000 – What the Future Holds for Food Safety

“Food Safety” refers to the prevention, elimination and control of foodborne diseases at the stage of consumption. In a globalized world, the impact of food safety hazards and foodborne diseases on customers’ health and well-being has raised many questions: Is the food that we eat safe? How can we ensure food safety? One thing is […]

Building a Successful Recruitment Plan with Crest Advisory Africa

Hiring the right employees for your business is important no matter what kind of work you’re in. Having quality employees will help your company run and grow. However, it can be a daunting task to recruit and keep top talent. Reviewing resumes and browsing profiles is only part of the job. Hiring managers need to […]

Return on Investment (ROI) Using Plan-Do-Check-Act (PDCA) Methodology

Crest Advisory Africa Pty Ltd (hereafter CAA) is a global management system consultancy working with diverse entities, whether private or public, to improve and grow the businesses we work with, targeting an increase in profitability of at least 33% and up to 200%. CAA’s blueprint for turning businesses around is based […]

Reduce the Risk of Project Failure with ISO 21500 Project Management

Project management is an inseparable part of organizations in today’s fast-changing global economy. Its practices began a century ago, but it became an essential factor of successful organizations only in the past few decades. Managing projects efficiently is crucial for organizations that want to overcome obstacles and achieve their goals and objectives. According to ISO 21500, […]

How can Six Sigma Benefit your Organization?

Six Sigma benefits: reducing waste, improving time management, increasing customer loyalty, boosting employee motivation, and higher revenues with lower costs. Six Sigma has proven to be a very successful tool for organizations seeking to identify problems, remove the root causes of errors or failures, and improve their business processes. Since its conception in 1986 at Motorola, Six Sigma has […]

ISO 50001: A Perfect Match for Energy Efficiency

As the threat of energy-resource depletion has emerged, global demand for energy is increasing constantly. Given that billions of people still have no access to electricity, more energy will be needed in the future to improve living standards by constructing industrial, commercial and transportation infrastructure. With this future looming, it is of utmost […]

Essential Key For Data Protection: ISO 27001

Is your business protected against a breach of its data and software? Are you certified to an international standard that helps prevent hackers from stealing your organization’s valuable data? Businesses understand the importance of security. They lock their doors, install alarms, and hire security guards. Unfortunately, too many of them don’t give their data security the same […]

How to Apply Proper Risk Management Methodology on Information Security?

Risk, in its negative sense, might be defined as an undesired consequence that may or may not occur as a result of pursuing a specific outcome we want to achieve. In short, it is the effect of uncertainty on objectives, as defined in ISO 31000. Many organizations are exposed to […]

Benefits of Implementing ISO 37001 in an Organization

Bribery refers to any offering, giving, accepting or promising of an advantage of any value in order to influence the decision, action or judgement of a person in a position of duty. Any individual or organization involved in bribery has accepted or given something with the intention of influencing the recipient in […]

Key Steps for an Effective ISO 27001 Risk Assessment and Treatment

In view of the developments in the processing, storage and sharing of information, security has become an important aspect of any organization. It has become more imperative for organizations to understand the various threats and risks facing them as they seek to protect their information. The rapid development of new technologies […]

Online Learning | Beyond the Classroom

The education industry has gone through tremendous changes over the last decades in terms of educational opportunities, teaching methods, availability of reading materials, etc. With the advancement of technology and the availability of the Internet, there has been a shift from in-class to online learning. This shift was accompanied by the necessity to standardize the […]

Profit, People & Planet with ISO 20121

The Three P(’s)illars of Sustainability. The concept of the “triple bottom line” was first introduced in 1994 by John Elkington, with the idea of organizations preparing three different bottom lines in order to measure their financial, social and environmental performance. The first bottom line stands for the traditional measure of corporate profit, specifically for the profit […]

Marriott’s 500 Million Data Breach Scandal

A politically motivated attack or just a ‘simple’ lack of security awareness? Whatever the case, the cyber-attack that hit Marriott was huge, ranking among the largest data breaches to date alongside Yahoo in 2013 and Equifax in 2017. The attacker stole personal information including names, email addresses, postal addresses, passport numbers and credit card information […]