Hello. I've been watching some of your videos and I have a question. After our organization has implemented the ISO 27001 policies and procedures, who will audit our company to give us the "ISO 27001" certification?
Sharing documents
Sharing completed policies with third parties? As a government agency, we are required to provide copies of policies and/or documents to third parties. Would this be in breach of your license?
Planning internal audit
Question about internal audit. Do I have to audit all clauses each year, or can I sample like in any other corporate audit? This is an existing certified ISMS, so surveillance takes place annually.
Positive risks and opportunities
I fundamentally disagree with the phrase 'positive risks, also known as opportunities'. 'Opportunities' are NOT 'positive risks'. A risk, negative or positive, is something that you are subject to WITHOUT CHOICE; something that may happen that would have a negative or positive effect upon you. If it cannot happen, or if it cannot affect you, it is not a risk to you.
Inventory of assets
My question is about the inventory of assets. We use ConnectWise Automate to keep an inventory of all our IT equipment, so can I just write in the Inventory of Assets document that “An inventory of all our IT hardware can be found in ConnectWise Automate”?
Legal requirements for ISO 22301
I have recently taken the role of a BCM Coordinator. According to ISO 22301 clause 4.2.2, an org needs to document the legal and regulatory requirements of the org. Please can you let me know what documents can be considered as evidence of this? Or what details are relevant from the legal aspect if I have to include them in the BC Strategy document itself? Any help on this, or a sample document, etc., will greatly help me, please.
List of ISO standards users
I have followed you for some time and would like to know if you can advise of any ISO standards register or matrix that identifies major listed or private companies (e.g. ASX100, FTSE100, etc.) and the ISO standards they operate under. I am particularly interested in ASX companies so I may list them against other standards / disciplines they subscribe to.
Implementing asset register
I have to build a system for an auditor, using the ISO 27001 standard.
Filling in the List of Requirements template
We are in the beginning stages of implementing ISO 27001. We have purchased your ISO toolkit. We are working on the 02 Identification of Requirements documentation. Please help us in understanding the following for the Appendix 1 – List of Legal, Regulatory, Contractual and Other Requirements document: How detailed do we need to get when listing our requirements? Do we need to list each requirement in the ISO (Annex A), HIPAA, or other standards and determine the responsible person for each? Or can we just reference the standard?