Wondering if you have any suggestions on specifics of security requirements in BCP? How to write it? From A17 control perspective. I did go through your webinar on ISO 22301, but was curious if you have any sample case study of BCP and security requirements in it?
A.12.5.1 concepts
I have a question about control A.12.5.1: what does "software on systems in the organisation" mean and include? Does it include the workstations of the employees too?
Integrating management systems
I’m still reviewing the toolkit. One question I do have is about integration with 22301: should I treat these as separate systems or try and produce one set of documentation?
Defining an ISO 27001 implementation project
I was told that you are the main expert on the ISO documentation. My organization wants to put a project plan together on filling all of this out and we’re wondering if you have estimated timelines that it takes to perform the various activities. Obviously every organization is different but general guidelines would be good to help us with staff scheduling.
Business strategies
I intend to understand how I determine business strategies, taking into account the business impact analysis results (Specifically, impact of processes, interdependencies, RTO and RPO) and risk assessment results (Specifically, the type and cause of risk, the level of risk - inherent, residual). Which variables in practice are all relevant in determining business strategies?
Concept definition
I am wondering, in the 08_Annex_A, A.14; Annex – Requirement specification related to information system: what do you mean by “Information system”? Do you have any example? We are not sure we understand that term.
Becoming auditors
How can we be auditors for ISO prerequisites in Arabic countries? We are a network security company in Jordan.
Becoming ISO 27001 lead auditor
I read on Advisera (https://advisera.com/27001academy/knowledgebase/how-to-become-iso-27001-lead-auditor/) that for obtaining the 27001 LA certification, 4 years of experience, 2 of which is InfoSec, is required. Unfortunately, I have less than a year of experience in InfoSec. So does that mean I can't get the certification even if I clear the test?
Frequency for surveillance audits
I was going through this post - https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/ The question I have is: what is the recommended frequency for surveillance audits for ISO 27001? I know the certificate is valid for 3 years... Also, if this needs to be done annually, in year 3 do we need to do both the surveillance audit and the recertification audit, or does only one of them need to be done?
Audit competencies
Being a certified ISO 27001 internal auditor, which other ISO series can I audit with this certification? e.g. ISO 9001?