Please select user.Assign
There are no topics yet.
Can we be gdpr and iso27001 compliant with 1 employee? 2 employees? And working with freelancers/consultants
I hope you're doing well. I watched the ISO 27001 Lead Auditor Exam training videos and found them to be very useful! Thank you for offering this free training. I am leading the ISO 27001 internal audit efforts at my company for the first time this year and wanted to seek your guidance. Our company's ISMS is ISO 27001 certified and we also have a SOC 2 Type 1 certification.
1. Are we required to include the SOC2 controls in the ISO 27001 Statement of Applicability?
2. If we were to add all of the SOC2 controls this year, would all these controls be tested during this year's external surveillance audit? I'm planning out the scope of the internal audit and which controls to test, but we have limited resources and time. It seems duplicative to me to include the SOC2 controls since those are tested independently as part of the SOC2 audit. I understand an internal audit is not required for the SOC2 certification, but I see the benefit of performing an internal review to identify issues that could be mitigated before the SOC2 cert audit.
Which section of iso 27001 mentioned o confidentiality?
1. How to start documenting Statement of Applicability.
2. What approach to follow?
3. Who all should one interact with?
What are the more critical areas to prioritize focus during implementation?
What system/application you recommend to control documents, incidents and other stuff from ISO standards?
What KPIs will be the best to choose for monitoring metrics?
The question is: what is considered ‘business-relevant data’ as mentioned in the document ‘A.8.2 IT Security Policy’ and is there a list that we can use to help us identify instances of this?
1. What implementation issues do you usually have?
2. Do you have implementation shortcuts that helps you streamline an implementation?
1. What is the best methodology for an information security risk assessment?
2. How to ensure if privacy principles are dealt with in accordance with relevant legislation and regulations? If the client says that he is performing an assessment to ensure he is in line with the DPA, is this information enough to make him compliant with clause 18.1.4?