Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Implementation of GDPR & ISO 27001
Three questions related to implementation of GDPR&27001:
1. Which approach should be taken to development of the Information Security Policy taking into consideration that we already have three sources and three templates of this document?
- 11.3.1_Information_Security_Management_Policy_20000_EN
- 04.1_Information_Security_Policy_Integrated_EN, which is included in the folder 04_General_Policies part of the GDPR&27001 Toolkit
- Information Security Policy to be generated via Conformio
2. How to approach the development of the remaining documents within GDPR&27001 Toolkit, because they are integrated with GDPR and those on Conformio are not integrated with GDPR? As you already know, we should develop/achieve an integrated GDPR&27001 package of documents at the end of the day.
3. Given the fact that we don’t have the obligation to assign a Data Protection Officer and create it as a job title, what other role would you recommend – Data Protection Controller’s representative or other approach will be more suitable in order to comply with the requirements?
-
ISMS & BCMS risk assessment
Our organization ERM & BCMS risk is 5 (impact) x 5 (likelihood), however the ISMS is 4 (impact) x 4 (likelihood), can we use both or it should be aligned. based on your audit experience, is it nonconformity or not.
-
How to write a proposal for ISO 27001& 9001 and Partnership
I have been given a task to send a
Please let me have your thoughts and views on these, this project is based in *** and I have been given 3 weeks to send proposal to them.
-
Specific German legal requirements
Hi,
I am currently trying to compile a useful collection of legal requirements…
On your webpage you provide the titles of various laws.
Do you have a more specific collection that point towards the actual requirements for the isms.
I do not have the resources to read the texts and compile the specific information.
-
Internal audit
I am advising a *** company at the moment, as well as a ‘daughter company’ in the *** on ISO 27001. Just some questions:
1 - In the ***, there is only one person actively working, but he is (of course) also shareholder. Would it be okay if he does the internal audit? In ***, we want to have the CTO as internal auditor. He doesn’t have shares, but he is part of Management. Would this be okay?
2 - What would be the cost of an online training for these internal auditors?
-
List of Legal Regulatory
1 - I purchased the document templates and went with package 2 that gives me unlimited emails. I will more than likely need help with more documents, but I am starting to work on them, and the first document is the 2.1. I am unsure what to list here, I have read your website but wanted some help. Our company sells Web Portals to customers that integrate with ***. Who would be the stakeholders, I am guessing the 2 owners, Employees, Customers? 2 - Since I am the one in charge of the ISO documentation, I would be the person responsible for compliance? -
ISO 27001 questions about implementation of the standard
1 - Is it a fundamental prerequisite for certification in the standard?
2 - How deep should the mapping and documentation for the scope be?
3 - Overall, I still have a lot of questions about the topic "Organization context" and everything it should cover ...
-
ISO 27001 dúvidas sobre implementação da norma
1 - É um pré-requisito fundamental para a certificação na norma?
2 - Quão profundo deve ser o mapeamento e documentação para o escopo?
3 - No geral, ainda tenho muitas dúvidas sobre o tópico "Contexto da organização" e tudo o que ele deve abranger...
-
GDPR vs 27001
Can you please explain me briefly how to perform the risk assessment for biometric data (GDPR), using a computer, one employee and a biometric reader (ISO 27001)?
-
Document content
I’m watching the “How to Write ISO 27001 Procedure for Corrective and Preventive Action” video tutorial, and there our document is missing parts that he demonstrates is in his document. For example, the 3.1 introduction is not in our document.