ISO 27001 & 22301 - Expert Advice Community

  • Risk Assessment of Assets

    Hello, As part of compliance with the NIS Regulations we are identifying assets, grouping them and then Risk Assessing them as a group. Our aspiration is to implement ISO27001 in the future so I am thinking this is an opportunity to get our Risk Assessments aligned to the standard. I am guessing for ISO27001 we would have to risk assess the individual assets rather than as groups? So, rather than risk assess: Core Network VMWare Business Systems Desktop Applications, would we need to risk assess as follows? Core Network VMWare Business System 1 Business System 2 Business System 3 Business System 4 Business System 5 Desktop Application 1 Desktop Application 2 Desktop Application 3 Desktop Application 4 Desktop Application 5 Thanks, Lee
  • Conformio expert question about asset and access mgmt processes

    How does Conformio support asset and access mgmt processes?
  • A.14.2.7 - is a developer hired as a consultant considered outsourced development?

    We're a software development team of 3 persons. 2 of the persons are hired directly as employees in our company but the third developer is hired through his own company, which means that legally he is a 3rd party. BUT he only works with us for the time being, being supervised by the two other developers and in every other way working as if he was practically hired directly by us in our company. Is this considered "Outsourced development"? I mean it's not like we've engaged a large company to do the development for us. The only difference is that he is sending invoices to get paid while the two other developers are getting their salary as employees.   So - is a developer hired as a consultant considered outsourced development?
  • Implementing 27001 or 22301?

    I'm rewriting the question for you, since it may have been poorly worded in the chat. For me, as a self-employed person who works in consultancy, do you think it makes more sense for me to "implement for myself" 27001 or 22301? (I don't mean implementing it for others.)
  • ISMS evidence

    As part of our support, I want to request some more explanation on the questions below related to ISO-27001:

    Evidence of Communication Plan for Communications Related to the ISMS
    Documented Management Review Process
    Evidence of the Results of the Management Reviews 

    Kindly provide more explanation about these requirements and which document templates map to them.

  • Submitting CAPA for NC on opportunities for Improvement

    I had a query. Can you kindly support me? Do we need to submit CAPA for NC on opportunities for improvement?
  • ISO 27001

    Dear, I need some clarification about the documents 5.1 and 5.2 of the ISO 27001. In the "Number" field, exactly what should be entered? Is a sequential number enough? Thank you in advance.
  • Which bodies are obligated to have ISO 27001 certification?

    Hello, I want to know which bodies are obligated to have an ISO 27K certification?

  • Audit Checklist

    I am currently reading through the Audit Checklist of your ISO27001 package.


    I am confused by the mixing of Business Continuity and IS Tasks.

    While there are many BC Questions that are irrelevant for my purposes, I am missing the entire section 8 of ISO27001.

    Also when adapting the BC Tasks for IS, I later find that comparable questions are stated in later sections. 

    Can you perhaps provide an updated Checklist with better focus on ISO27001?

  • Requirement of Clause 8.1

    Greetings! I already bought your 27001 kit, but I do not see where it addresses the requirement of Clause 8.1