Hi, I'm trying to find out how much employees need to know as a minimum for 27001. I know education and awareness is part of it, but I just don't know how much is needed and what needs to be covered.
ISMS scope definition
The organisation where I am currently doing my internship has purchased your document for the ISMS scope. I have a question about this document. What is the best way to define the networks and infrastructure that belong to the ISMS scope?
Stakeholder info to document
Hello,
Currently I am at clause 4.2 of the ISO 27001 certification. I need to analyse the stakeholders for the organization where I am doing my internship.
To analyse these, I made a table in Microsoft Word and used the following information to fill in per stakeholder:
- Stakeholder type (customers, suppliers, partners, employees and supervisors)
- Stakeholder name (per stakeholder type there are different stakeholders. E.g. employees describes the sales, support, system engineers and so on)
- Short description of the stakeholder (what are its activities related to our organisation)
- Requirements and expectations per stakeholder (e.g. customers: protect their data)
- Laws, regulations, contract requirements (e.g. the GDPR for the Netherlands, processing agreement with customers)
- And last but not least: does the organisation meet these requirements?
Is this enough information for the stakeholder analysis?
Thanks in advance.
Yours sincerely,
Tom van Ruitenbeek
Controls applicability
Today I had a discussion with an auditor here in XXXX. The discussion was about which controls in Annex A are mandatory (if they are) and why. The auditor insisted (due to instructions she seemed to have) that only the following controls are mandatory (i.e. they cannot be excluded from the ISMS, as she said):
Recognizing certificated organizations
I want to know, when some organizations have an ISO certificate, how can I tell when I walk into that organization that it has an ISO certificate? What observable items should I look for when I walk into that kind of organization?
Risks definition and SoA
We bought the toolkit for our planned implementation of ISO 27001, 27017 and 27018. I've looked at the tutorials in order to fill in the correct information, but I have a problem defining the risks as well as the Statement of Applicability.
Access to suppliers SoA
I have a question regarding suppliers: am I entitled to have access to a supplier's SoA?
ISO 27031 or ISO 22301
In disaster recovery, is it ISO 27031 or ISO 22301 that is used? What is the difference?
Risk assessment example for agile approaches
Do you have an example of an agile approach in risk assessment and risk tractability? Effectiveness of the risk treatment system.