What are the threats and loopholes hackers take advantage of even when my organization is ISO 27001 certified and regular VA/PT testing is conducted?
Business continuity plans in a larger company
Wondering how you see the structure of the business continuity plans in a larger company (1500+ employees)?
- one plan for each critical business area/function?
- one plan for IT recovery - including crisis mgmt plan
- one plan for building recovery - including crisis mgmt plan
- one plan for critical business recovery - including crisis mgmt plan
... ensuring all plans are aligned and work together?
THANKS for your words on this!!
Preparing SoA
We are trying to implement an ISMS to ISO 27001 standards in my new organization.
In trying to prepare a Statement of Applicability, I discovered that virtually all the controls were based on business requirements, best practices, contractual obligations and legal requirements. They were not based on the results of risk assessments.
Can the organization still go ahead with the implementation process, or will we need to reassess the risks on a risk assessment basis?
Question on SOA
In your template for the SOA you show the column “Control objectives”, for which, in my understanding, S.M.A.R.T. objectives shall be listed.
In your ISO 27001 foundation course video about the SOA, this column is missing.
Therefore, I would like to know whether it is mandatory or not, because I struggle to find adequate measurable objectives for all applicable controls.
Business continuity elements
Can the EHS ERP be part of the BC? (EHS = Environment, Health and Safety; ERP = Emergency Response Plan)
ISO 27001 new version and becoming a consultant
1. My company intends to implement ISO 27001:2013, but I've heard that a new version is coming, and I need to know: if I start at the beginning of next year, will the new version affect me, especially if I use your toolkits? Will they be updated?
2. The next part is personal: after implementing the standard in my company, I would like to start my own business as an ISO 27 consultant, so I need your advice, please.
Audit findings
Hi Dejan, what is your view if an auditor gives me findings for not securely controlling employees' records? However, my ISMS scope does not cover employee records. The ISMS scope is to protect information gathered/processed in the procurement system.
I would appreciate it if you could give your professional view.
ISO 22301 question
1. Hi, my company purchased templates from you for 22301. As I look through some of the docs I'm seeing some discrepancy in how documents are named and referenced (e.g., Business Continuity Management Policy vs. Business Continuity Policy).
2. I have a question on the "Risk Treatment Plan": according to 03.1, this document template should be in the 04 Toolkit Folder, but I do not see it in our package. Is this Plan just another title for the Methodology, or am I missing a document template? Thank you for your help!
03.1 Business Continuity Policy refers in Paragraph 3.3 to a Risk Treatment Plan, which I don’t see elsewhere in your list of documents. Is this the same as one of the documents in the 04 Risk Assessment and Treatment folder?
Extended controls documentation
I can’t find the ISO 27018 Extended controls documentation. Kindly get me the information.
Business Impact Analysis Methodology
Yes, I already have the first question:
In section 2.5, Amount of work, the text is not really clear.
Would you please elucidate about what is meant with "... the periods with highest workload peaks are identified, and the minimum business continuity objective is determined"?