As you are aware, I purchased an ISO 27001 Toolkit for my internal use.
I have also confirmed pricing on White Label 27001 Toolkits.
Based upon what you presented tonight, I would really appreciate your guidance as to which is going to be the best tool selection, either Conformio or ISO 27001, to manage audits of my clients.
Look forward to your valued response.
Doubts about lead auditors in 27001
I have been on several ISO 22301 and 27001 webinars and I have some doubts that I wonder if you could answer for me:
1) In which cases can an auditor decide to waive an audit in a company?
2) If illegal software is detected during an audit, which procedure does the auditor have to follow, and who is required to communicate how to proceed?
ISO 27001 questions related to Conformio
Question 1:
"We are a little bit lost with the Initial Training Plan, as we are not sure how to structure it and what good practice is. Can you provide good practice for training when defining the Initial Training Plan?
We are not sure if we need to define different suggested training for different skills. Should it be based on different skills or different rules depending on the role in the company?
What are good training or skills for an IT Manager or Compliance Officer, for example?
We would also appreciate a catalog of links to training on your website that can be useful in completing the training plan."
Question 2:
"We were going over the "Procedure for identification of requirements" and we ran into this part that wasn't clear: what document does the "Information Security Management System Policy" refer to?"
ISMS
One important part of the ISMS is the employees' internal security awareness training.
I see that you propose free security awareness training on your website.
1 - Is this sufficient during an ISO 27001 certification external audit to prove that *** took the necessary actions with regards to training internal employees?
2 - Is there any way to prove the employees have effectively followed your training? Something like a completion certificate?
3 - Would you recommend additional steps?
Recording serial numbers when destroying hard drives
I have a query. When destroying hard drives with an ISO 27001 certified company, do we need to add and record serial numbers for each HDD?
Audit query
We have used all the materials and templates that Advisera sent.
During stage 2 audit what if there is no evidence of a procedure because the procedure has not been carried out as yet? Is it a finding?
Risk assessment: minimum content?
In our Risk Assessment table, is there any "minimum" content we should have to be "credible" from an auditor point of view?
Seeing our scope and assets I've listed, I think I'll end up around 150 lines in the table.
Is this Risk Assessment Table a good document you would be able to review for me and provide feedback on? Or is this too specific to certain business (like ours that is focused on our SaaS platform)?
Process of ISO 27001 Audit
What are the basic things that we need to prepare to successfully clear the audit, and basically what documents?
Finding SOC 2 auditor
I have a question for you. How do I find a SOC 2 auditor? Our company is in California, USA.
Toolkit content
We did a free version of Conformio and we decided to buy the toolkit.
We are currently working our way through the documentation, and we are busy with the Risk Register.
Please see attached diagram that was found on your website.
I was under the impression we would be given these types of resources for each asset.
Is it not a part of the toolbox?