ISO 27001 & 22301 - Expert Advice Community

  • CONTROLS A.18.2.1 AND A.18.2.2

    How to implement this control when the company is very small, that is, it has 6 employees? Critical analyses are usually carried out by the entire company team. In this situation, would it always be necessary to hire a specialized external organization, as suggested by the ISO 27002 standard?
  • Help with management review

    I am enjoying the course thank you, and my company are going to pay for me to take the exam which is really good. I would like some help doing my first management review this week if you have any tips or templates on what I should be doing for this.
  • ISO 27001 Mapping to CSA CCM Matrix

    Where can I find the Advisera matrix that maps ISO 27001 to the CSA CCM (Cloud Security Alliance Cloud Controls Matrix)? I have the ISO 27001 toolkit and do not see it there. I believe this was a downloadable document from your Blog or Free Downloads section of your website not too long ago.
  • How to fill out "Appendix 1 - List of Legal, Official, Contractual and Other Requirements"

    Do you have a specific company example of how to fill out "Appendix 1 - List of Legal, Official, Contractual and Other Requirements"? Unfortunately, the description in the document does not help me, nor do the linked articles. We need concrete examples to apply this to our company. The same applies to the definition of the ISMS scope. Unfortunately, the linked articles do not help here either. Do you have an example from a company of what the definition can look like?
  • Identifying Assets

    One of our primary assets is our customer data, which must be kept private. This data is primarily stored in an SQL database, but can also be found in printed form, email, staff members' brains, etc.

    Since the customer data can take on so many forms, the risks are relevant only to the form it takes.

    So rather than list "customer data" as an asset, would I list each form of the data as a separate asset, i.e.

    1. Customer data in SQL database
    2. Customer data accessible by web application
    3. Customer data in printed form
    4. Customer data transmitted verbally
    5. Customer data in the minds of employees
  • IR35 compliance and ISO 27001

    Hi Dejan, I wondered if you might be able to answer a query on ISO 27001 in conjunction with the IR35 legislation that is a hot topic for contractors at the moment. I have concerns that imposing ISO 27001 training and asking contractors to adhere to our rules (using a company-controlled laptop rather than their business laptop, for example) will go towards the contractors looking like a "disguised employee". Have you come across this issue before?
  • Grouping of Assets in Risk Assessment Table

    I'm working through the videos/templates that we purchased from you, and I have a question regarding the listing of assets in the Risk Assessment table. We have 6 or 7 desktop PCs in each of our offices. Do I need to list each PC separately and repeat the same risk information over and over again in the Risk Assessment table, or can I just group them as "PCs Office 1" and "PCs Office 2"?
  • A.15 Control section

    I have a question about A.15: why does the 2005 version call it "Third parties" while the 2013 version calls it "Supplier"?
  • Naming of ISO 27001 Annex

    Why do the ISO 27001 domains start from Annex A.5 and not A.1? Is there any specific reason, or are there any other unused/old domains?
  • Question regarding ISO 27001 Lead Auditor training & Certification

    I hope you are doing well and preparing for the holiday season. You might recall that I completed the Advisera ISO 27001 Lead Auditor Training and Exam in January 2019. I would appreciate it if you could clarify whether Advisera's Exemplar Global Certificate, along with auditing experience, is comparable to the ISO 27001 Lead Auditor training and certification offered by organizations such as PECB. Thank you!