Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
ISMS Scope Assistance
My company is contracted with a local data center to provide us with Infrastructure as a Service. The physical infrastructure that we use (firewalls, network switches, servers, and storage) is all leased from our datacenter host and they provide support of this physical infrastructure. My company's IT team builds and manages the operating system and application layers. Physical access to the equipment located at the data center is allowed to both members of my IT team as well as support personnel of the data center. In this situation, what is recommended to be included/excluded from the ISMS scope document? Thanks, Chris -
Data Center audit preparation
Please can you please let me know if you have a preview / blogs on Data Center audit preparation and also how to audit? Also on Cloud computing. -
Coding of policies, procedures and records
In your experience the task of the assigning the codes to Policies, process, procedure and registers. Is this responsibility of Security Information? -
Question on General Impact Assessments in the BIA Questionnaire
This relates specifically to the question on HSE concerns and the impact a disruptive incident would have on this issue (HSE). The thinking is that this topic may not be relevant to the financial sector as downtime of the activity will not generally have an impact on HSE; unless you're looking at specific scenarios. Your thoughts as I am inclined to remove it from the Questionnaire... -
How to select appropriate controls from Annex A
It's tricky to fill-out Risk Treatment - how to remember all 133 controls and select the appropriate? -
Asset inventory issues
Hello Dejan, I wish you happy and healthy new year ! I have a question in regards to some assets in the asset inventory We have Confidential waste bins, shredders and Lockable filing cabinets as assets, however we think that they are more controls to protect documents than Assets to be protected. For Lockable filing cabinets, it could be related to the control 11.3.3 Clear desk and clear screen policy For Shredders and Confidential waste bins, they could be related to the control 10.7.2 Disposal of media What do you thnk about this approach! -
ISO 27001 - frequency of recertification
Once certified for ISO 27001, how frequent does a recertification have to take place? -
Expenses in BIA Questionnaire
In your BIA Questionnaire, expenses are covered twice - Part 1 - Additional expenses (repairs, maintenance, etc.) and Part 2 - Working Capital (WC). Understand how WC can be applied but can you provide more information on the 'additional expenses'? -
How to link risk assessment to Statement of Applicability
Many thanks for a very good webinar. One question came to mind after the webinar once you have done your risk assessment and have a solid table listing your risk and their significance how do you then link that to the SOA and pick the controls you want? -
Questions regarding the ISMS scope document
If I am getting ISO 27001 certification for a project within an organisation, what should I put under Section 3.2 Organisational Units. Also for Section 3.4 Networks and IT Infrastructure, can I say that "Only the assets that belong to the project are included in the scope".