ISO 27001 & 22301 - Expert Advice Community


  • Risk Assessment

    As part of our Risk Assessment, I am using your toolkit. Is there a document or template that explains which threats and vulnerabilities are associated with which assets?
    What should I choose from your list of threats and vulnerabilities for ***, which is cloud software?

  • HIPAA vs ISO

    Hi! I have an app that is HIPAA compliant and hosted in the US. I would like to open it up to patients in Israel and am trying to figure out what it takes to become ISO certified and what part of that is already covered by HIPAA. It is a mental health app and we store personal data, although nothing about physical health. Thanks!

  • ISO27001 clause & controls alignment

    I would like to know which ISO 27001 annex A controls relate to which 27001 clauses, for example clause 4 is covered by control A??? Or is it not that simple?

  • ISO 27001 Certification

    Please be so kind as to enlighten me regarding the following:

    As a certified ISO 27001 and ISO 9001 Lead Auditor, what document would I be required to provide a client once I have completed, for example, a Conformio implementation to the level of providing a Statement of Applicability and assurance that they are compliant and ready to apply for a certification audit?

  • ISO 27001:2013 (Information Security Policy / IT Security Policy)

    Under ISO 27001:2013 mandatory documents, both the Information Security Policy and the IT Security Policy are listed.

    We are trying to discern whether both policies are required, or whether we can eliminate the IT Security Policy and just use the Information Security Policy.

    Is it feasible to insert the controls from the IT Security Policy into the Information Security Policy?

    Please advise on best approach under the Mandatory document requirements.

  • Using ISMS results to prove SOX-ITGC controls

    Can I use ISMS results to prove SOX-ITGC controls?

  • ISO27001 13.1.1 + 13.1.2

    I am working with a company based in the cloud (with no company-owned networks). What would controls 13.1.1 and 13.1.2 look like for us if this is the case? We are working with companies that have proper policies in place (AWS, Github, etc.), but how could I prove to the auditor that we are compliant?

  • 7.4 Physical security monitoring

    First of all, congrats on your very well conducted webinar.

    I'm analyzing the articles that you shared yesterday, and I would like to clarify one thing.

    In the article "Detailed explanation of 11 new security controls in ISO 27001:2022" we have the topic "Documentation": https://i.imgur.com/Gp22Ood.png

    I was thinking of adding the details about "Physical Security Monitoring" inside the "Access Control Policy", since this document should also cover physical access.

    Please, let me know your thoughts.

  • New control names

    Hi Dejan, I just wanted to send you a thank-you e-mail regarding the webinar today; it was the best explanation I have come across since the new ISO 27001:2022 emerged. One thing I wanted to ask, and hopefully others could benefit from this too: I have read somewhere that the new control names will be divided into:

    1. Detective control
    2. Corrective control
    3. Preventive control

    Is this true? And is this just a general description or a mandatory part of the change, i.e. do these names have to be mentioned after each control on the SoA?
