ISO 27001 & 22301 - Expert Advice Community


  • Control A.8.2 Information Classification

    As a small business, we are inclined not to implement the following Annex A control, Information classification, as after the risk assessment management has taken a decision to accept the risk. However, we are also told this is a critical control that some auditors don't like when it is not implemented. Therefore, as an alternative for that control, can we have all our documents classified as internal and, in case we need to provide sensitive information to external parties, for example, have a process of approvals and change the classification based on the document complexity?
  • Consultation to ISO 27001 documentation

    1. Within the points that are detailed in the ISO 27001 templates, there is no point related to sanctions. Is it possible to place this point within the corresponding documents, to detail which (labor) reprimands would result from failure to comply with any of the guidelines of X Policy? 2. I have another query: within the Business Impact Questionnaire, must this be done for each activity that is managed in the organization, or can several activities be placed in a single questionnaire? If the answer is YES, please indicate how to do this. https://i.imgur.com/B9697X0.png
  • Mapping of requirements categories to ISO 27001 Human Resource controls (Conformio)

    We have a customer that requires that *** employees are submitted to background checks, etc. This correlates to ISO 27001 Clause 7, Human Resource Security. However, there does not really seem to be a matching category in the “To what area is this requirement related?” dropdown list. Is this an omission? Or, to what dropdown item should we map this requirement so that it shows up in the appropriate area of the SoA?
  • Question on Creating a Business Case for ISMS ISO 27001:2013

    1. Is the creation of an ISO 27001 ISMS Implementation Business Case document mandatory? 2. What components should the business case contain? 3. When is the Business Case document created? Before starting the ISMS planning phase? After the gap analysis, after the risk analysis, etc.? 4. As in the initial phase of an ISO 27001 ISMS implementation project the cost and/or the investments required for the implementation of the controls for the treatment of risks are not yet known, how is the financial budget of an ISO 27001 ISMS project to be estimated in order to add it to the Business Case?
  • More questions on Additions to Conformio

    Can you perhaps enlighten me as to how to segregate departments in the Audit Process. I have a client that has 11 departments each with their own set of Risks, and they would like to know if they need to read through the entire Risk Treatment plan so as to identify Risks that are applicable to their specific Business unit.
  • ISO 27001 question

    We got feedback from the auditor that we need to have the document code included in all documents. Is this mandatory based on the standard?
  • Question regarding ISO27001 implementation - Interested parties

    I have been trying to complete the 02.1_Appendix_List_of_Legal_Regulatory_Contractual_and_Other_Requirements_Integrated_EN and I am getting myself rather confused. Previously I have maintained an integrated 9001 and 27001, so I have been thinking along those lines for these interested parties. However, after much researching on the internet I get the idea that this time it should only be parties interested in our Information Security; can you confirm if this is right or wrong, please? So things like the Working Time Directive and equal opportunities laws don't need to be included? Also, things like the WEEE directive, would I include them because of the disposal of data\hardware? And maintenance companies that service the data centres for equipment like AirCon, would I include them?
  • ISO 27001 external audit for rest of employees

    As part of the ISO 27001 external audit, and apart from the security awareness training, we would like to inquire about the topics on which the auditor will be interviewing the rest of *** employees (the ones who are not currently set up to be members of the ISMS in Conformio). Currently, we are a bit concerned about what questions the auditor might be asking employees, and some direction from you would be very useful.
  • ISO 27001 toolkit

    Wondering if an updated toolkit will be supplied to registered users (such as me) for the upcoming 2022 standard version. Also wondering if any ISO27017 and ISO27018 expansion packs are available, or at least a document matrix alignment with ISO27001.