We are confused about this section, Decreasing or Increasing: what if we don't have any incidents for the year? We can't decrease it. We don't have ISO yet and haven't had issues with onboarding customers; would it help in increasing revenue?
Register of Legal, Contractual, and Other Requirements
I needed more clarification on this section. What information needs to be listed in the register? For contractual, I am guessing this would be our customers since they have a contract with us, but would we have to list all our customers? There are too many, and for privacy we cannot list any customers. If we can list just "general customer", that should be okay, but I'm not sure what other parties need to be included.
CISSP
CISSP is "owned" by ISC2, PMP is "owned" by the PMI, etc., so those certificates are from one body, and the exams are centrally managed. The questions will always be the same, rather than every training provider creating its own exam. Is that the same with ISO 27000 auditor exams? Just trying to understand the concept :-)
Cyber security certificates that guarantee entry-level work
What are cyber security certificates that guarantee entry-level work?
Question about training
1 - For the Security Awareness Training, I wanted to know: if we have our own training, can this be used, and do we just have to log when the training was completed? Who should participate in the training, as all employees take this training?
2 - It's from the site KnowBe4. For this part, I wanted to know whether our employees can use this site or whether they have to use your site for ISO. Do we have to show who has had training?
Missing documents
"Hi, I am a customer and purchased the ISO set, but 12.4.1, 2, 3 and 4 are not in the document set."
Can we look into this and send him the missing documents?
Statement of Applicability
Grateful if you can please confirm on the following.
We are in the phase of a certification audit. The auditor is currently reviewing the Statement of Applicability (SoA).
For clause 18.1.5, Regulations on cryptographic controls: there is no such law currently in XXXXX. So, is this clause applicable to our company for the time being, or shall it be recorded as an exclusion in the SoA?
ISO Certified Auditor
I have a dilemma that you can help me with. I have the option to listen to IRCA Certified ISO 22301:2012 lead auditor training at Bureau Veritas (they don't have an option for 2019), so I'm interested in how the transition to 2019 would possibly go after that.
Conformio number of documents
I wanted to know why it seems that the Conformio site has fewer documents than the template documents. It seems like it's missing a lot of information. Does it cover all of the Annex parts and have all the templates?
Scope question
We have one question about the ISMS scope:
Our owner/parent company (XXXXX) is also our supplier for several IT services (e.g. network). They define rules and settings that automatically apply to us (in their role as owner). However, in their role as supplier, they would have to adhere to the standards we (subsidiary = YYYYY) set for them, correct? How should we formulate this in our ISMS scope, and how should we treat it in the SoA? And are there any recommendations regarding how such a relationship should be clearly formulated in an SLA?