Hello, I have a question regarding the ISO 27001 certificate: does this certificate include AML policies?
How exactly do the individual ISMS processes need to be mapped? E.g., is it enough to write "HR", or do I have to explain every step of, for example, the process "managing employees"?
Hello Dejan, thank you for the reply.
Allow me another question: with the pandemic, has the mobile device policy been revised? It has some points that we certainly do not comply with, because of the emergency of moving employees to home office. Since the version I have is from 2015, has there been any change?
Could you advise what documents would be required from a support/CSM perspective, please?
completed this training already and I enjoyed it.
Quite a lot of this content was ‘common sense’ for someone who works in the field, but it will be new to other staff members and my ISO 27001 team members.
I’m just wondering if this training plus our GDPR e-learning and an annual refresher would be enough to satisfy the requirements of ISO 27001?
I think some input on policies and procedures would be required too.
As part of compliance with the NIS Regulations we are identifying assets, grouping them and then Risk Assessing them as a group.
Our aspiration is to implement ISO27001 in the future so I am thinking this is an opportunity to get our Risk Assessments aligned to the standard. I am guessing for ISO27001 we would have to risk assess the individual assets rather than as groups?
So, rather than risk assess
Would we need to risk assess as follows?
Business System 1
Business System 2
Business System 3
Business System 4
Business System 5
Desktop Application 1
Desktop Application 2
Desktop Application 3
Desktop Application 4
Desktop Application 5
How does Conformio support asset and access mgmt processes?
We're a software development team of 3 persons. 2 of the persons are hired directly as employees in our company but the third developer is hired through his own company, which means that legally he is a 3rd party. BUT he only works with us for the time being, being supervised by the two other developers and in every other way working as if he was practically hired directly by us in our company. Is this considered "Outsourced development"? I mean it's not like we've engaged a large company to do the development for us. The only difference is that he is sending invoices to get paid while the two other developers are getting their salary as employees.
So - is a developer hired as a consultant considered outsourced development?
I am rewriting the question for you, since it may have been poorly worded in the chat.
For me, as a self-employed person working in consultancy, do you think it makes more sense for me to "implement for myself" 27001 or 22301?
(I do not mean implementing it for others)
As part of our support, I want to request some more explanation on the questions below related to ISO-27001:
Evidence of Communication Plan for Communications Related to the ISMS
Documented Management Review Process
Evidence of the Results of the Management Reviews
Kindly provide more explanation about these requirements and what document templates map to them.