How to build a security culture using ISO 27001 with Tobias Miekle
In this episode of Exploring Standards, host Jess sits down with Tobias Mielke, Global Product Manager at TÜV Nord, to explore one of the most overlooked dimensions of information security - culture. While many organisations treat ISO 27001 as a compliance checkbox, Tobias makes the case that the standard is actually a powerful framework for embedding security into the DNA of your organisation. From phishing emails to access controls, real security starts with how people think and behave when no one is watching. What You'll Learn What ISO 27001 is and why every organisation, regardless of size or sector, needs to take information security seriously The difference between having security policies and actually having a security culture Why leadership buy-in isn't just helpful, it's essential for any ISMS to succeed How the risk assessment process helps employees understand their personal role in protecting information Which Annex A controls typically require the biggest cultural shift (and why access management and incident reporting top the list) How to embed security controls into daily habits rather than treating them as annual compliance exercises The real-world external benefits of a strong security culture, from customer trust to commercial advantage How to measure whether your security culture is genuinely improving, not just audit-ready The single most important first step any organisation can take tomorrow to start building a real security culture Key Takeaway Security culture isn't built through policy documents, it's built through people. When leadership visibly champions information security as a business priority, and when employees understand the why behind the controls, ISO 27001 transforms from a compliance label into a practical roadmap for lasting organisational change. About Tobias Tobias Mielke is Global Product Manager at TÜV Nord Group, based in Germany, where he oversees the technical development and ongoing support of a portfolio of management system standards, including ISO 27001 (Information Security Management Systems), ISO 27701 (Privacy Information Management), ISO 22301 (Business Continuity Management), and ISO 42001 (AI Management Systems). In addition to his product management role, Tobias works as an ISO Lead Auditor for information security and related standards, with hands-on experience certifying organisations across multiple sectors, including critical infrastructure. Connect with Tobias: Website: https://www.tuv-nord.com/uk/en/ Linkedin: www.linkedin.com/in/tobiasmielke Connect with Assent: LinkedIn: / associate-enterprises-ltd-t-a-assent Facebook: / assentuk Youtube: / @assentriskmanagement3446 Instagram: @assentriskmanagement Subscribe for more episodes exploring standards, compliance, and governance topics!

ISO 14001:2026 Update Released: Key Changes Explained

Understanding IATF 16949: The Automotive Quality Standard Explained with Gary Beales

ISO 27001 Basics: Everything You Need to Get Certified

What do tech pioneers think about the AI revolution? - The Engineers, BBC World Service

Australian Family Law Podcast (AFLP): Ep17- Positive Co-Parenting Behaviour Post Separation

How to Speak Clearly & With Confidence | Matt Abrahams

DUAA Compliance - Meeting the 2026 Deadline in Practice

Think Fast, Talk Smart: Communication Techniques

Evolution of ISO with Rob

Build or buy? Make the right e-invoicing decision for your product – E-invoicing masterclass

The World's Most Important Machine

Webinar: ISO 14001:2026 – What’s Changed and What You Need to Do Now

Billionaire's WARNING: I'm SELLING. The Crash Is Already Here!

Launching Vaelo Aerospace: Breaking Into Aerospace & Defence

Think Faster, Talk Smarter with Matt Abrahams

Mental Models That Change How You Think | Bill Gurley

'Listen Like You Might Be Wrong': Harvard Student Goes Viral For Stunning Speech On Trump Amid Feud

How to Claim Your Leadership Power | Michael Timms | TED

