ISO 27001 & 22301 - Expert Advice Community


  • ISO 27001:2022

    I just wanted to confirm with you some information regarding the dates from which organisations can start certifying to the new issue of ISO 27001:2022. The transition period diagram that you have published in your blog states that organisations can start certifying to the new standard as of 25/10/2022.

    Does that mean Certification Bodies are already certified to the new standard and the Auditors are already qualified to audit organisations against the new standard's clauses and controls?

    Or is it in fact a mistake in the transition diagram and the date should read 25/10/2023?

  • Risk Assessment

    As part of our Risk Assessment, I am using your tool kit. Is there a document or template that explains what threats and vulnerabilities are associated with what assets?
    What should I choose from your list of threats and vulnerabilities for ***, which is cloud software?

  • HIPAA vs ISO

    Hi! I have an app that is HIPAA compliant and hosted in the US. I would like to open it up to patients in Israel and am trying to figure out what it takes to become ISO certified and what part of that is already covered by HIPAA. It is a mental health app and we store personal data, although nothing about physical health. Thanks!

  • ISO27001 clause & controls alignment

    I would like to know which ISO 27001 annex A controls relate to which 27001 clauses, for example clause 4 is covered by control A??? Or is it not that simple?

  • ISO 27001 Certification

    Please be so kind as to enlighten me regarding the following:

    As a certified ISO 27001 and ISO 9001 Lead Auditor, what “document” would I be required to provide a client once I have completed, for example, a Conformio implementation to the level of providing a Statement of Applicability and assurance that they are compliant and ready to apply for a certification audit?

  • ISO 27001:2013 (Information Security Policy / IT Security Policy)

    Under the ISO 27001:2013 mandatory documents, both the Information Security Policy and the IT Security Policy are listed.

    We are trying to discern whether both policies are required or whether we can eliminate the IT Security Policy and just use the Information Security Policy.

    Is it feasible to insert the controls from the IT Security Policy into the Information Security Policy?

    Please advise on the best approach under the mandatory document requirements.

  • Using ISMS results to prove SOX-ITGC controls

    Can I use ISMS results to prove SOX-ITGC controls?

  • ISO27001 13.1.1 + 13.1.2

    I am working with a company based in the cloud (with no company-owned networks). What would controls 13.1.1 and 13.1.2 look like for us if this is the case? We are working with companies that have proper policies in place (AWS, Github, etc.), but how could I prove to the auditor that we are compliant?

  • 7.4 Physical security monitoring

    First of all, congrats on your very well conducted webinar.

    I’m analyzing the articles that you shared yesterday, and I would like to clarify one thing.

    In the article “Detailed explanation of 11 new security controls in ISO 27001:2022” we have the topic “Documentation”: https://i.imgur.com/Gp22Ood.png

    I was thinking of adding the details about “Physical Security Monitoring” inside the “Access Control Policy”, since this document should also cover physical access.

    Please, let me know your thoughts.
