Since my ISO program is focused on one of our data centers: the data center is maintained by the Operations team, infra services are supported by the Infra Team, and there is also a development team for application development.
Which controls to apply?
Is there any control that I have an obligation to implement? For example, control 11.3.1 - Using passwords - do I have to use this control, considering that all employees work with computers? Or does it depend on the risk assessment?
Certify against ISO 27001:2005 or 2013?
I am currently implementing the ISO 27000:2005 ISMS and hope to certify in June or July of 2014. Can I do it with the 2005 version, or do I have to do it with the 2013 version? Why, in that case, would I have to make the transition?
BIA questionnaire
Hello Dejan,
What's the objective of "Time after which the resource is necessary" in part 2 (Resources required for recovery)?
How to implement all policies and procedures for stage 2
I've received this question:
We have passed Stage 1. Could you please suggest how to implement all policies and procedures for Stage 2, and what exactly they check at Stage 2?
Answer: At the Stage 2 audit, the certification auditors will check whether you really operate according to your policies and procedures - so, for example, if you have written that you will perform a backup every 2 hours, then the auditor will check whether this is really done.
So the answer to your question is: you have to observe all the rules you have documented.
Change in risk assessment methodology in ISO 27001:2013
In the new ISMS standard, is there any change in the methodology for calculating risk that has to be adopted?
Process approach in ISO 27001:2013
ISO 27001:2013 is said to no longer use the process approach. Based on that, does it mean that the ISMS has to apply to the whole organization, or can I continue implementing an ISMS for a specific company process, as long as I define (as should always be done) the scope where it will be deployed?
Reasonable prices for ISO 27001:2013 and ISO 27002:2013?
I saw on the ISO website that these two standards have been published. Could you please tell me where I can purchase/receive copies for my personal reference at reasonable prices? ISO offers them at exorbitant prices.
How specifically is this list used? I am having a difficult time trying to ascertain what should be listed.
IS Incident Management Procedures
Hi Dejan,
I am currently drafting some ISO 27001 mandatory procedures.
Regarding the Information Security Incident Management Procedures, I have noticed that there are 3 procedures:
- Reporting IS weaknesses & events
- Responding to IS reports
- Collection of evidence
Can I describe all these procedures in one general procedure, "Information Security Incident Management Procedure", or should I build each procedure separately? What is the most convenient?
Thanks in advance