ISO 27001 & 22301 - Expert Advice Community

  • ISO 27001 A.8.1.1 Asset Inventory

    Please, in building an asset record for IT assets like servers and network devices, what is acceptable as a unique identifier to uniquely identify assets in a manner that cannot be easily manipulated? Thanks.

  • Mandatory docs

    *** are getting ready for their internal audit, and they are asking about some mandatory documents, which I also can’t find on the platform. Please advise how we can generate the following ones: Definition of security roles and responsibilities (clauses A.7.1.2 and A.13.2.4); Acceptable use of assets (clause A.8.1.3); Secure system engineering principles (clause A.14.2.5); Business continuity procedures (clause A.17.1.2); Logs of user activities, exceptions, and security events (clauses A.12.4.1 and A.12.4.3).

  • Using ISO 9001 policies for ISO 27001

    We are now in the process of implementing the ISO 9001 standard in our company and we have already developed some policies that are also necessary for implementing ISO 27001 like Access Control Policy, Information Security Policy etc. Once we get certified in ISO 9001 and start with ISO 27001, can we use the same policies that we already developed, or do we need to write?

  • Records of training, skills, experience and qualifications

    I have a question regarding the below mandatory requirement: Records of training, skills, experience and qualifications (clause 7.2). Is it for every staff member at the company to list the qualifications, or is it only for those that are involved in implementing the ISO 27001 project?

  • List of legal, regulatory, contractual requirements

    Dear all, good afternoon. I would like your help with the following question: Among the contractual requirements that must be detailed in the document 02.1_Apendice 1, we internally have a "Confidentiality Agreement" that states several important points (requirements), but they are not numbered or separated. In this case, should I enter all of these requirements separately in 02.1 Appendix 1, so that it looks like this: https://i.imgur.com/ojDKalv.png ? Or what would be the correct way to list all of these requirements in the document?

  • Conformio expert question

    1. How to handle legal and contractual requirements and what clauses require this in the standard? 2. Is it required that the person who is doing the Audit needs to have training in Internal Auditing and ISO 27001?
  • ISO 27001 expert question

    Would you be able to advise what I should be looking for when I want to get a cloud based CMMS system? Do I need a system that has ISO 9001 or ISO 27001 certification?
  • HIPAA & ISO27001

    We've spoken previously regarding ISO27001. I'm working with a software developer supplying into the aged care market. While in Australia, some providers ask if the developer is HIPAA compliant, a US standard/set of rules. If you are aware of HIPAA, how do you think about it in line with or against ISO27001?
  • BIA process

    Good afternoon. Trust you are good. I want to pick your quick thought on some business continuity matters. In the BIA process for every department, does this represent the BIA for the information security department?
  • ISO 27001 and HiTrust

    I have a question about HiTrust. Does ISO27001 cover HiTrust too? If so, do you have documentation about it on your website?