I have a prospect working towards 27001 certification but they are using the 2013 revision and I am still on 2005 revision. I have read your blogs on the changes, etc. but have not yet purchased the updated standard. Can you tell me if the 2013 revision still refers to 11 security control clauses, or has that number changed?
How to update ISMS policy and risk assessment
I am absolutely a fan of your website; thanks for all the information that you give us. I have a question about how to maintain our ISMS for the second year of certification: how to update the ISMS policy and risk assessment. I didn't find articles related to this in your blog.
Document control in ISO 27001/ISO 9001
A couple of questions about document control:
ISO 22301 and virtual servers
Hi,
We are preparing ourselves for ISO auditing, where we are going for ISO 22301 certification, and we need to build a DRC for our IT.
The DRC will cost a lot, but there is a company here providing a virtual environment where you can rent disk space, memory, and processing in a controlled environment. This option will save us money and time, since there is no need for any physical construction or physical hardware.
Is this solution acceptable, or do we need the physical option for certification (ISO 22301)?
Objectives in the policy document
When setting the objectives in the Information Security policy document, do we differentiate between ISMS objectives and InfoSec objectives? Are these objectives really the same?
BCM manual
Based on the list of documents in your ISO 22301 toolkit, a manual (like any other ISO) is not one of them.
Asset ownership
A quick question regarding information asset ownership. What is the most effective way of assigning asset ownership to employees? I am not talking about Information Systems as this was the most straightforward one. Mainly talking about hardcopy documents, electronic documents, etc. Also, who are the owners of employees as assets?
How to document the external and internal context of the organisation
Dear forum members,
If anyone can share a sanitised format for documenting the context of the organisation, it would be an immense help to me, as I am preparing documentation for the ISO 27001:2013 version.
Thanks
Debasish
Step 1 of transition guide
In your white paper "Twelve-step transition process from ISO 27001:2005 to 2013 revision", step 1, please give me some examples in association with local community and arrangements.
Is "local community" the informal groups within the organization?
What is the meaning of "arrangements"? Do you mean prioritization or not?
Change the top-level policy
Hi,
In the 12 steps for transition to the new version of the standard, in step 4 (Change the top-level policy), do we necessarily have to change the ISMS policy to an information security policy? Or can we leave this policy unchanged?
Thanks.