Have I Been Pwned (HIBP) is a free online service that checks whether email addresses or passwords appear in publicly known data breaches. The service aggregates billions of compromised records from breaches worldwide. For your ISMS, HIBP offers a pragmatic entry point into credential monitoring. You can use the domain search function to systematically check whether company email addresses are affected. The API can also be integrated into automated processes such as password creation or employee onboarding. Ensure that affected accounts receive new passwords promptly and that multi-factor authentication is enabled.