ISO 27001 & 22301 - Expert Advice Community


  • Risk Consultation

    Can I include information security objectives within the risk treatment plan? How should I include the information security objectives in the asset list and then assess the risks and treat them?

  • Conformio and ISMS

    Sorry to bother you so much. I've implemented the 9K, 14K and 18K a few times already, but it's the first time on 27K. So I've got another question for you. I'm trying to achieve 27001, 27017 and 27018 at the same time, which are the main ones for any SaaS company. So, for instance, the Information Security Policy is mandatory for all of them; however, when I open the doc we have in the platform, it seems not to cover 27017 and 27018. So my question is, should I request those specific docs straight from you, if you guys have them as well? There aren't many docs, but they are important for the ISMS compliance. Thanks one more time for your amazing help/work.

  • Risk treatment plan

    Hello, I'd like to ask a question. If the risk treatment plan is considered an "action plan", can the information security objectives be included in the plan?

  • How should I proceed with a report?

    How should I proceed with a report?

  • Internal auditor qualification

    What is your suggestion on what qualification an internal auditor should have as part of the implementation? Is ISO 27001 Lead Auditor sufficient?

  • Conformio documentation access

    I'd like to check with you about a few docs that I need but couldn't find. Please find the list below.

    • Policy on the use of encryption
    • Operating procedures for IT management
    • Secure system engineering principles
    • Business continuity procedure
    • Cloud Security policy
    • Policy for data privacy in the cloud
    • Statement of acceptance of ISMS document

    I got this list from a doc of yours called "List_of_documents_ISO_27001_ISO_27017_ISO_27018_Cloud-EN.pdf", and most of them are mandatory for the ISMS from 27001 and a couple of them for 27017/27018. All the other docs I needed I was able to find in the platform. If you can help me with that, it would be great.

  • Implementation of GDPR & ISO 27001

    Three questions related to the implementation of GDPR&27001:

    1. Which approach should be taken to development of the Information Security Policy taking into consideration that we already have three sources and three templates of this document?

    • 11.3.1_Information_Security_Management_Policy_20000_EN
    • 04.1_Information_Security_Policy_Integrated_EN, which is included in the folder 04_General_Policies part of the GDPR&27001 Toolkit
    • Information Security Policy to be generated via Conformio

    2. How to approach the development of the remaining documents within the GDPR&27001 Toolkit, because they are integrated with GDPR and those on Conformio are not integrated with GDPR? As you already know, we should develop/achieve an integrated GDPR&27001 package of documents at the end of the day.

    3. Given the fact that we don't have the obligation to assign a Data Protection Officer and create it as a job title, what other role would you recommend? Would a Data Protection Controller's representative or another approach be more suitable in order to comply with the requirements?

  • ISMS & BCMS risk assessment

    Our organization's ERM & BCMS risk matrix is 5 (impact) x 5 (likelihood); however, the ISMS one is 4 (impact) x 4 (likelihood). Can we use both, or should they be aligned? Based on your audit experience, is it a nonconformity or not?

  • How to write a proposal for ISO 27001& 9001 and Partnership

    I have been given a task to send a

    Please let me have your thoughts and views on these; this project is based in *** and I have been given 3 weeks to send a proposal to them.

  • Specific German legal requirements

    Hi,

    I am currently trying to compile a useful collection of legal requirements…

    On your webpage you provide the titles of various laws.

    Do you have a more specific collection that points towards the actual requirements for the ISMS?

    I do not have the resources to read the texts and compile the specific information.
