ISO 27001 & 22301 - Expert Advice Community


  • Lead Auditor Exam

    Good morning Dejan, I trust this mail finds you well. Please provide me clarity with regards to Section 6.1 in your book ISO 27001 Audit, with reference to the “5 Day Training” required to write the Lead Auditor Exam to obtain the certificate. Does this mean that the “On-Line Course” provided by Advisera is not sufficient, and that I shall have to enroll with a training institution for classroom instruction? I look forward to your valued response.
  • Controls A.17.1

    1 - How should information security controls be defined within the activities of the continuity plan? I do not understand whether each activity has to define how information security would be ensured, or whether the continuity plan should have a general section stating that the information security controls established in the production environments apply to all activities. 2 - Additionally, how is it proven that there are information security controls in the continuity plan?
  • Statement of Applicability in Conformio

    Thank you very much for this information! I tested and now it works. So the issue is indeed solved. However, I have one question about this task: https://i.imgur.com/9HOO8uw.png I don’t seem to find the correct place to store such information. Could you please advise where such tasks should be handled? Outside Conformio? By creating some specific document? Or is there a place inside Conformio that I can’t find?
  • Question about software

    While downloading software, a hash may be provided to do what? I just need to know if it is a genuine number or a correct file path. I am not sure.
  • What does it mean to have security classification in a document?

    I want to know what it means to have a security classification in a document.
  • Conformio - Justification in SoA

    In the Statement of Applicability, I can see preselected controls based on the risks. I’m adding additional controls as well. There is a ‘justification’ box here. Is it mandatory to type why I’m adding these extra controls?
  • Project Plan for ISMS Implementation

    Using your toolkit, I am preparing our Project Plan for ISMS Implementation. I saw sometimes a consultant's title changed to "Mentor" in the videos for our toolkit, can you explain why? How are they different? In addition, where can we find a mentor?
  • DR test report template

    Hi, I was wondering if you would have a DR test report template I could recommend to my client. They are ISO 27001 certified but need some guidance on putting together a meaningful report to present to management after a DR test has been performed.
  • Risk Assessment : Which assets to take into account

    In the scope of our ISMS, we only focus on our SaaS platform. So in the list of assets, I’ll for example consider the customers’ data stored on the platform as well as all software components of our platform. But what about assets like employees’ laptops? Are they to be considered as assets, or as potential vulnerabilities, as threats may use laptop vulnerabilities to access our SaaS platform and extract sensitive info?
  • Declaration of applicability in ISO 27001

    I have a question about the SoA. If, for example, last year we received a certificate for ISO 27001 and the certificate states the Statement of Applicability from, for example, 01.05.2020, and there is certainly a version on that Statement, can the version and date be changed now, for example, to version B, dated 24.11.2021, without being certified again? I don’t know if you understood me, but basically, I want to know if I can, for example, change the version and date of the SoA every year, even though the certificate we last received has one date.