We have a potential client interested in hiring us to deploy and manage an application stack within AWS. One request they have is for us to achieve a certification in either 27018, SOC2, or PCI DSS. I am looking for more information about the former.
Exclusions from the ISMS scope
We are implementing an ISMS for the web service. It uses the web portal where users can log in and move on further to use our service (let's call it serviceA) in scope. But the same web portal is also used for some other services (let's call them serviceB) which I don't want to be included in the scope. Different departments of the company work with those different services. So obviously I include the whole web portal in the scope, but I don't want to have the department which works with serviceB and has nothing to do with serviceA in scope.
Career on information security
I have a total of 9 years of experience in an IT environment as a System Admin (Linux, Windows & Network). Now I am interested in pursuing a career in Information Security. I do not know what the first steps are to enter this field. How do I start, and from where? Which certification do I have to do?
Toolkit content
I do have a couple of questions for you regarding the documentation in the toolkit. Hopefully you could answer these questions for me.
I would like to obtain information on Domain A5, A5.1, A13, A13.2, and A13.3.
ISO 27001 2017 review
It appears that the reference set of documents for ISO 27001 relates to the 2013 version. Certification bodies are targeting to certify the latest (2017) version. What is the position of Advisera regarding this gap with the Conformio set of documents?
Documenting controls
In 27001:2013 Annex A.9.4.2 it states that there must be a secure log-on procedure as dictated by the Access Control Policy. If my secure log-on procedure is captured in a "policy" document instead of a "procedure" type document, is that wrong?
Certification in multiple geographic locations
We are trying to figure out what support is required and what steps need to be taken to become certified in multiple geographic locations.