How does ISO 27001 compare (differences, advantages and limitations) to other frameworks such as NIST CSF, CIS Critical Controls and Common Criteria? And how does an organisation decide which framework is suitable for it?
What to include in an information security policy?
I am trying to compile my Information Security Policy and the above subjects/areas are not as clear-cut as I would like. Do you have to include both the products and the services of your organisation, and is there a simple definition for them both to ensure I put the right details under each heading? Secondly, if I include the likes of Partnerships, Supply Chains and Relationships with interested parties, do these then need to have a service level agreement to ensure they are providing us with what we need and that they are complying with our ways of working, especially in relation to security?
How long should the ISMS be in place before going for the certification audit?
How long must these ISMS controls be in place before being able to get an audit? In other words, some of these policies will be new, and we are creating and implementing them as we go through the process of trying to get certified. Do certification bodies need to see these policies in place for a specified period of time first?
Procedure for document control - only for ISMS documents?
With regard to the "Procedure for Document & Record Control" document, is this only referring to documents pertaining to the ISMS? In other words, it isn't referring to ALL internal and external documents, programming code (our business is software development and consulting), invoices, etc.? We are strictly talking about documents pertaining to the maintenance of and guidelines around the ISMS, yes?
Governance framework and management reporting
We currently have our auditor in, and all's going well with the help of the 27001 toolkit I procured from you. They are asking me to show that we have a governance framework and management reporting in place. Is there a template you could supply for me to start creating a documented governance framework?
Corrective and preventive actions
I am confused about carrying out corrective and preventive maintenance. Can you help me, please?
Information Life Cycle Management for ISO 27001
We are currently preparing for ISO/IEC 27001:2013 certification. I would appreciate it if you could let me know where I might find recommendations for Information Life Cycle Management.
How many people can have access to the admin password?
Can you tell me, in general, how many people in a company can have access to the admin password?
Closing meeting, checklist and findings
1. What are the main points to be considered and discussed during the closing meeting?
Difference between ISOs and British Standard
What is the difference between ISOs and British Standards?