Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Information labeling
I'm contacting you to ask you some questions in A.8.2 information classification.
1. Is the classification of information based on confidentiality and integrity?
2. What's the purpose of information labeling? Is that just for informing internal employees?
3. Is it necessary to label all physical and electronic information? -
ISO 27001 6.1.1 Allgemeines
Two auditors have identified a finding regarding the management of opportunity, as required by 6.1.1 Allgemeines.
Which template covers this?
Based on the discussions with auditors, a reference table of which advisera template covers which norm requirement would be extremely helpful when identifying the correct document for the audit. -
SOA Documentation
Regarding SOA:- Do we have to prepare the Documentation for each and every Control mentioned in SOA or prepare only mandatory Documents (the Ones mentioned in the List of Docs attached)? Since ISO does not says to document each and every Control.
- If need to prepare only mandatory Docs, then will other docs also be checked during the Stage 1 Audit of ISO 27001.
- While preparing SOA, can we only prepare the Docs which are relevant to the Organization and exclude the ones which are not organization relevant?
-
Backup continuous policy
Hi, I request you can explain more clearly regarding backup continuous policy control or provide a document material to mail id.
-
15.2.2 managing changes to supplier services
15.2.2 managing changes to supplier services - ee have a major non-conformity on this point. Can you advise on remediation in a timeline of 8 weeks? -
Inventory management process
If we were talking about the audit, I am currently writing a thesis on the audit of the inventory management process
and I have some gray areas that I would like to clear up.I have to carry out an opportunity audit of the inventory management model in a company and that puzzles me as to the audit model that I have to bring, even adopt. On this I would like to benefit from the advice of an expert in the field.
-
Supplier Policy for Suppliers and Partners
I would like to ask here regarding the Security Clauses for Suppliers and Partners.- Do we need to make a Supplier Policy based on the attached Points listed in the A.15.2 Document? If yes, do we have to get it done through aLegal representative of the Company?
- Can you also give an overview of for what Suppliers will this Policy be made? For e.g. The Computer manufacturer providing the laptops and Accessories to the Company or External Companies with whom the Organization is working together.
- Is it mandatory to have a Supplier Security Policy?
-
Combination of ISMS and BCMS
Right now I'm working on my master's degree in XYZ and my master's thesis is about the simultaneous implementation of an ISMS and BCMS in an organization. I'm working especially about synergies of both Management-systems.
So I would like to know, what is your opinion about the simultaneous implementation of both systems? Is there a possibility to reduce resources? Or are both systems different to handle? -
Context document
In which document is the Context?
Can you please send to me a good context document? -
ISO 27001 and ISO 27799
My company has ISO 27001 and wish to get the ISO 27799 is this possible? I understand that 27799 is a companion but I see it described as a companion to 27002. to my Understanding 27001 is the standard not 27002 so Can 27799 be a companion to 27001?