Guest
Hi, I hope you are well. I am trying to convince top management to invest in ISO 27001. I am writing the scope of the ISMS. I have two statements:
1) Information Security Management System applicable to the provision of IT Services supporting information assets of the organization.
2) Information Security Management System applicable to the provision of IT Services of the organization.
Which one is the best option to go with? If you can help me build another, you are most welcome.
To make sure we have good supplier security, is it recommended to get an “Order Data Protection Agreement” signed by the suppliers as well as the third parties the company is working with?
If yes, do you have any standard template for this, or do we take any template available on the Internet?
PFA one template and suggest whether it looks fine to be used with suppliers and third parties.
In the document 06_Statement of Applicability, in the column “Justification for selection/non-selection in SOA”, how can we identify whether the selection of a control is based on risk assessment results, a contractual obligation, or a legal obligation?
Hi
I want to implement data classification in a department. How should I approach this practice? What are the things and documents that I should consider for this classification? I already have an information classification procedure which has the levels of classification defined, but it is not implemented on the ground.
I want to start the implementation and want to cover both structured and unstructured data.
Please advise
Thanks
I am reading the audit self-study, and your video is very helpful, but I have doubts about what I should think about for the audit that is to be written down in forms. What do the forms look like? I really hope you can help me. What are the right tools I should use?
Hi
I have a risk register that I am maintaining for the ISMS. I have different types of risks which are defined in the risk register. Now I need to define a KRI for each risk. How can I do it, as it will be a lengthy process and I have never done it before? For this practice, I need to analyze each risk in the risk register for a measurable metric, which is a difficult task. Please advise how I can do it in a simple way.
Thanks
Hello, I wanted to ask you which one should be done first: risk assessment or asset management?
Do you have any document on the competency requirements for various roles in the Business Continuity Management System with respect to ISO 22301:2012 clause 7.2? I could not find one in the attached list which you had sent me earlier.