ISO 27001 & 22301 - Expert Advice Community


  • Leader Auditor 27001

    My doubts concern more the real situations in an audit, and where to be able to see these cases. For example, if an auditor finds during an audit that the software a company has is illegal, how should he proceed, or in what cases can an auditor abandon an audit? I have read complementary ISO 27001 material but I do not find these real cases that can happen and how a lead auditor is supposed to act. 
  • ISO 27001 package question

    We are making some progress with our ISMS implementation and I have two questions: - Is an "Inventar der Werte" obligatory? As I understand it, it's just a list of all assets that appear in the risk analysis. Why is an ID needed? - Could you tell me the correct order of internal audit, management review and implementation of measures? I understood it like this: first all measures have to be implemented, then there is an internal audit by someone of us or a consultant, then we need to do the management review and implement the recommendations from the internal audit, and then we can ask for an external audit - is that correct?
  • One question about ISO 27001

    I have a short question: where is chapter 7.4 (Communication) of ISO 27001 covered in your documentation?
  • Policies specific to HR & Admin

    Where do I address ISO 27001 controls A7 & A11? Also, is there a consolidated mapping in Conformio that can tell me which ISO clauses & controls have been covered through the documents created and what is still pending? This will help me to validate whether we have met the required ISO 27001 needs.
  • Report on selection of software technology

    In one of the documents I am working on for one project, I am asked for a report on the selection of software technology. Are you familiar with such a report under another name, or can it be agreed arbitrarily?
  • Questions about laws and regulations

    Regarding the Laws and regulations page in your site https://advisera.com/27001academy/knowledgebase/laws-regulations-information-security-business-continuity/ 1. Is the information updated? Can we use it as it is? We operate in USA, Germany, China, also a bit in Spain, and England 2. Is this list valid for both the control A.18.1 Compliance with legal and contractual requirements and clause 4.2 Understanding the needs and expectations of interested parties? Or, what is the difference?
  • Conformio - Bring your own device policy

    When thinking about this policy we have a company rule that only company laptops can be used for professional purposes. However, how should we treat personal mobile phones? They are not in the company network so do we include them also in the scope of the BYOD policy in Conformio?
  • Template for guideline for testing and controlling measures for protection of information security

    In my role as a CISO I am looking for a template for a guideline for testing and controlling the measures for the protection of information security which the German BaFin has set out in chapter 4.4 of the BAIT. Do you have a template or templates that I can use as a guideline?
  • Data center questions

    1 - Can we get a certificate for an empty data center? I mean that the data center is now empty, without any IT equipment. The equipment will be connected later, after we certify. 2 - And what are the data center dependencies if my ISO scope is going to be a data center only?
  • Toolkit content - A.6.1

    Where is A.6.1 Internal organization? Is it covered in your document pack? I cannot find it.