Hi, I was wondering if you would have a DR test report template I could recommend to my client. They are ISO 27001 certified but need some guidance on putting together a meaningful report, after a DR test was performed, to present to management.
Risk Assessment: Which assets to take into account
In the scope of our ISMS, we only focus on our SaaS platform.
So in the list of assets, I'll for example consider the customers' data stored on the platform as well as all software components of our platform.
But what about assets like employees' laptops?
Are they to be considered as assets, or as potential vulnerabilities, as threats may use laptop vulnerabilities to access our SaaS platform and extract sensitive info?
Declaration of applicability in ISO 27001
I have a question about SOA.
If, for example, last year we received a certificate for ISO 27001 and the certificate states the Statement of Applicability from, for example, 01.05.2020, and certainly there is a version on that Statement, can the version and date be changed now, for example, to put version B, date 24.11.2021, and not have to be certified again?
I mean I don't know if you understood me, but basically, I want to know if I can, for example, change the version and date of the SOA every year, even though the certificate we last received has one date?
VA-PT testing
What are the threats and loopholes hackers take advantage of even when my organization is ISO 27001 certified and regular VA-PT testing is conducted?
Business continuity plans in a larger company
Wondering how you see the structure of the business continuity plans in a larger company (1500+ employees)?
- one plan for each critical business area/function?
- one plan for IT recovery - including crisis mgmt plan
- one plan for building recovery - including crisis mgmt plan
- one plan for critical business recovery - including crisis mgmt plan
... ensuring all plans are aligned and work together?
THANKS for your words on this!!
Preparing SoA
We are trying to implement an ISMS to ISO 27001 standards in my new organization.
In trying to prepare a Statement of Applicability, I discovered that virtually all the controls were based on business requirements, best practices, contractual obligations and legal requirements. They were not based on the result of risk assessments.
Can the organization still go ahead with the implementation process, or will we need to reassess the risks on a risk assessment basis?
Question on SOA
In your template for the SOA you show the column “Control objectives” for which in my understanding S.M.A.R.T objectives shall be listed.
In your ISO 27001 foundation course video about the SOA, this column is missing.
Therefore, I would like to know whether it is mandatory or not, because I struggle to find adequate measurable objectives for all applicable controls.
Business continuity elements
Can EHS' ERP be part of the BC? (EHS = Environment, Health and Safety; ERP = Emergency Response Plan)
ISO 27001 new version and becoming a consultant
1 - My company intends to implement ISO 27001:2013, but I've heard that a new version is coming, and I need to know, if I start at the beginning of next year, whether the new version will affect me, especially if I use your toolkits. Will they be updated?
2 - The next part is personal: after implementing the standard in my company, I would like to start my own business as an ISO 27001 consultant, so I need your advice, please.
Audit findings
Hi Dejan, what is your view if an auditor gives me findings for not securely controlling employees' records? However, my ISMS scope does not cover employee records to be protected. The ISMS scope is to protect information gathered/processed in the procurement system.
I would appreciate it if you could give your professional view.