1. If I do my exam with IGC, instead of IRCA or PECB which are more expensive, how will this impact me in the long term?
Information classification policy
I am developing the information classification policy for the company and would like to know if it is obligatory to define the steps and responsibilities.
Implementation challenges
1 - Would you have a roll-out process and/or baseline to serve as references?
8.3 Information security risk treatment
Hello,
For this clause of the standard, is there any format that must be followed to document the implementation of the risk treatment plan? If the risk treatment plan identifies a project to mitigate a series of risks, could the security committee later decide to accept the risk and not implement that project? Or would that be a nonconformity, since the accepted risk or "risk appetite" obliges us to treat that risk with the project identified in the treatment plan?
Main documents for certification
I wanted to find out what sort of challenges your clients face with auditors or Certification Bodies when they use your documentation toolkit. Also, are there any specific areas or even documentation we need to give extra attention from your toolkit as we prepare for certification?
Risk treatment implementation
Now we have reached the planning for risk treatment for ISO 27001. In our Statement of Applicability we excluded only one of the controls in Annex A due to non-applicability. The remaining controls are required; some of them are already implemented and most of them are not implemented yet. We shall include the planning for the implementation in the risk treatment plan, but this will mean implementing the control at a future date.
Top management and information security
Having completed the ISO 27001 Foundations course I would appreciate receiving your explanation regarding Clause 5 – Leadership.
Cloud security controls
I was wondering what is the best way to include cloud controls. We are in the process of ISO 27001 and some of our operations / products are in the cloud. Do we need to look at 27017? For ISO 27001 certification, is that enough? Do external auditors look for 27017 for ISO 27001 certification for services in the cloud?
Who should access risk management documents
Who in the company should have access to the SoA and the risk assessment and risk treatment tables? Is this something that is okay for internal use? Can all employees have access, or only managers, or only certain people?
Defining the scope of ISO 27001
We are working to become ISO 27001 compliant. Please suggest how I should define the scope of ISO 27001.