ISO 27001 & 22301 - Expert Advice Community


  • Conformio – adding responsibilities

    How would I know which steps to assign to say Marketing, HR or Finance?
  • Rules for visitors

    Hi, we are a software development company following your templates to achieve ISO27k1. Currently we have a visitor management system in place. Every visitor gets a badge and has to wear it constantly, and some other rules apply of course. My question is: where do I state the rules for visitors? The "Procedure for working in secure areas" seems to be a document that describes only areas where the security measures are higher than in the other areas. For example, we have selected our server room environment as a secure area, and also the archives and the CEO's office, since those are the places where documents are being held in a safe or in cabinets with locks. I would like to define and write down rules for visitors for common areas, like conference rooms, the developers' den, kitchen and WCs. Is there a suitable policy that exists in the realm of ISO27k1 (I've searched, but couldn't find a perfect match) for such a purpose, or should I create my own policy that might not be a part of ISO27k1? What would be a good place to describe those rules? We would like to use the ISO27k1 ISMS as the backbone for security in the office, and it seems like a good idea to have our visitor system integrated in the policies. Please advise. Thank you.
  • Departments Involved in ISO 27001

    I am using the Conformio site and want to know what departments would be involved in the ISO 27001. Would I list all the departments in my Company like Customer Support, Sales, Application Development?
  • Next steps for certification

    ISO 27001 / GDPR ... What steps are left to become certified once the templates are completed? A review of documents completed/stored.
  • MDR and Contract Manufacturer

    We are a *** based company who manufacture dental instruments, under the name of ***. a) We export to the EU and USA, b) We do not sell under our own name, c) We stamp the brand or name of the company we export to on the instruments. Now, we are in contact with a European company for acting as our EU AR. They say: ***, by MDR definition, is not a "legal manufacturer", as *** is not selling in the EU under its own name or brand, so they cannot act as ***'s EU AR. My questions are: 1. Are they right in their observation? 2. Do we need an EU AR or not? 3. If not, then what should we declare on the labels, *** as Contract Manufacturer? Please help us and guide us in this regard.
  • Document for monitoring

    Which document will be applicable for monitoring-related work? Like I mentioned, I need to preview and then purchase any document that will guide me on monitoring/managing an already certified program. Can you indicate which document will be applicable for review related to that?
  • Working from home

    With your permission, I have a question. Does ISO have a standard that links information security to teleworking or home working?
  • ISO 27017 and ISO 27018

    I have been asked a question regarding a customer showing to their customer that they have aligned the ISO 27017 and ISO 27018 controls to the ISO 27001/ISO 27002 Annex A controls. Could this be entered on the certificate or mentioned in the scope statement if it was included in the needs & expectations of interested parties?
  • Is there a difference between ISO 27002 and Annex A?

    Please confirm if there is a difference between ISO 27002 and Annex A? I'm busy preparing to rewrite the IS competence unit I failed and want to make sure that I have the right material.
  • Question on ISO 27001 Documentation when ISO 9001 is already in place

    One of our clients in the USA is already ISO 9001 certified, and we are supposed to assist them in the implementation of ISO 27001. I want to get your opinion on the documentation approach that we should follow. Should we work on integrating ISO 9001 and ISO 27001 by combining some documents, or is creating a separate set of documentation a better approach? What is usually followed by other organizations when they are already ISO 9001 certified and moving forward with ISO 27001 implementation? I have downloaded your document that clarifies the matrix between ISO 9001 and ISO 27001, but it does not give me enough clarity on what documentation approach should be followed while drafting in this scenario, when the company is already ISO 9001 certified and all documentation is in place. Looking forward to hearing from you for the necessary clarification, and please suggest whether any integrated toolkit approach for ISO 9001 and ISO 27001 is available.