ISO 27001 & 22301 - Expert Advice Community


  • A.6.2 Mobile Device and Teleworking Policy

    Our team has recently started to look into the documents from the package.
    At this moment I am trying to start working on the “A.6.2 Mobile Device and Teleworking Policy”. In this document, there’s a point which says:

    "protection of sensitive data must be implemented in accordance with the [Information Classification Policy]"

    Can you please provide some guidance here on what we should add to the Information Classification Policy, or what kind of techniques can help us implement this process?
    Can you please help us with this document at the earliest possible opportunity?

  • ISO 27001 Security Awareness Training

    Hi,

    Can your awareness training cover some of your controls without the need to document them further? Say, for instance, I have a slideshow presentation and it covers media handling. Is it OK to say that the control is selected in the SoA and reference out to the training document?

    Thank you,

  • A-14.2.5 - Secure system Engineering Principles

    As per ISO 27001, “Secure system Engineering Principles” is a mandatory document. I went through multiple threads in https://community.advisera.com as well. Is there any specific reason why Advisera doesn’t provide a template for it in the Toolkit, in spite of it being a mandatory document?

  • List of regulatory, contractual and other legal obligations

    I noticed that in some comments on the templates, the links that involve videos or articles to clarify the correct filling of the document are broken, especially those from *infosecpedia.info domains and in some cases from *iso27001standard.com.

    I would like to know what to fill in the columns of the "List of regulatory, contractual and other legal obligations"?

  • RACI MATRIX ISO 27001

    In order to establish the responsibilities of ICT and Information Security, I would like to know whether you have perhaps already prepared this type of document. Thank you very much.

  • Annex A

    Hello, I bought ISO27001 full package documents.
    I'm wondering if all of the items in Annex A are mandatory?

  • Internal Audit

    In reference to your conversation, could you please advise who should approve the Internal Audit?

    We have a CSO and an AVP, Info Sec.

  • Logical return to work process

    I have been utilizing the ISO 22301 documentation extensively that I purchased via your company a while back. I used it to prepare our planning and it has proven very useful.

    There is one aspect I am struggling with, though, and I wanted to ask for your feedback. I cannot see a logical return-to-work process/checklist amongst the documentation. I am clearly thinking ahead to how our business will return to business as normal, but in a logical/structured manner.

    Is this something you can help with? Even better if pandemic related?

  • Software Development Security

    I have some questions with regard to the A 14 domain.

    1. Why does the ISO 27001 documentation toolkit from Advisera not have a template for “Secure Development Environment Guidelines”?

    2. We are a medium-sized organization where we do limited development, particularly customization of COTS software (Web Content Management {CMS} and Student Information Management {SIMS}). In this case, how do we analyze which A 14 controls will be applicable to our organization?