ISO 27001 & 22301 - Expert Advice Community

  • Information Security Policy

    What is the difference between clause 5.2 and the A.5.1.1 and A.5.1.2 controls?
  • Documented information

    I've got this question about documented information. Policies or procedures, like Control Access Policy, should be considered documented information. Taking into account ISO 27001 7.5.1.b) clause, it seems that the company may decide this issue.
  • Interested Parties

    Hi, I need to define my organisation's interested parties, need clarification of this. I'm looking for an example of a procedure that can be written to detail this but can't seem to find any guidelines for this.
  • Documents and records

    Should all of the organization's documents be structured as the mandatory documents of ISO 27001 (containing level of confidentiality, document management and validity of the document), or all documents, e.g. a slide show, minutes of meeting, contracts, test reports, etc.?
  • Program Source Code

    What program source code is meant? Because as an IT company we are developing programs and of course we have access to source code. In the standard it says that access to program source code shall be restricted. The only restriction that we have is by team and by customer. The customer shares the access right to the program that we develop for them. But when we develop our program or software, only the specific team that works on this project has access rights to the source code.
  • ISO 27001:2013 Asset Based Risk Assessment

    I would like to get your advice on performing an RA based on ISO 27001:2013. Currently my organization has an asset-based RA. Please let me know what the mandatory requirement for ISO 27001:2013 is, and kindly share if you have any sample or template.
  • Interested parties

    Could you please explain in more detail what the interested parties are? I have some issue defining whether it relates to the employee, third parties or customers.
  • Incident Handling Procedure and Business Continuity Plan

    An organization has an Incident Handling Procedure and a Business Continuity Plan Procedure. In the event that a major system breakdown occurs, should the organization follow the Incident Handling Procedure workflow or the Business Continuity Plan workflow? In what circumstances can we differentiate between an incident and a disaster?
  • Difference between Incident and Disaster

    What is the difference between an incident and a disaster?
  • ISO 27001, Scope of the implementation

    Good morning, I am currently moving forward with the certification process for the ISO 2700:2013 standard at my company. I have a question: when I speak of the organization in the ISO standard, I am referring to the part of the company that I have defined as the scope for certification, since if I check the definition of the word organization in the ISO 27000 standard, it is defined as a part of the company. Is that correct?