What is your suggestion on what qualification an internal auditor should have as part of the implementation? Is ISO 27001 Lead Auditor sufficient?
I'd like to check a few docs with you that I need but couldn't find. Please find the list below.
- Policy on the use of encryption
- Operating procedures for IT management
- Secure system engineering principles
- Business continuity procedure
- Cloud Security policy
- Policy for data privacy in the cloud
- Statement of acceptance of ISMS document
I got this list from a doc of yours called "List_of_documents_ISO_27001_ISO_27017_ISO_27018_Cloud-EN.pdf", and most of them are mandatory for the ISMS under 27001 and a couple of them for 27017/27018. All the other docs I needed I was able to find on the platform.
If you can help me with that, it would be great.
Three questions related to the implementation of GDPR & 27001:
1. Which approach should be taken to the development of the Information Security Policy, taking into consideration that we already have three sources and three templates for this document?
2. How should we approach the development of the remaining documents within the GDPR & 27001 Toolkit, given that they are integrated with GDPR and those on Conformio are not integrated with GDPR? As you already know, we should develop/achieve an integrated GDPR & 27001 package of documents at the end of the day.
3. Given the fact that we don't have the obligation to assign a Data Protection Officer and create it as a job title, what other role would you recommend: a Data Protection Controller's representative, or would another approach be more suitable in order to comply with the requirements?
Our organization's ERM & BCMS risk is 5 (impact) x 5 (likelihood); however, the ISMS is 4 (impact) x 4 (likelihood). Can we use both, or should they be aligned? Based on your audit experience, is it a nonconformity or not?
I have been given a task to send a
Please let me have your thoughts and views on these; this project is based in *** and I have been given 3 weeks to send a proposal to them.
I am currently trying to compile a useful collection of legal requirements…
On your webpage you provide the titles of various laws.
Do you have a more specific collection that points towards the actual requirements for the ISMS?
I do not have the resources to read the texts and compile the specific information.
I am advising a *** company at the moment, as well as a 'daughter company' in the ***, on ISO 27001. Just some questions:
1 - In the ***, there is only one person actively working, but he is (of course) also a shareholder. Would it be okay if he does the internal audit? In ***, we want to have the CTO as internal auditor. He doesn't have shares, but he is part of management. Would this be okay?
2 - What would be the cost of an online training for these internal auditors?
1 - I purchased the document templates and went with package 2, which gives me unlimited emails. I will more than likely need help with more documents, but I am starting to work on them, and the first document is 2.1.
I am unsure what to list here; I have read your website but wanted some help. Our company sells Web Portals to customers that integrate with ***. Who would be the stakeholders? I am guessing the 2 owners, employees, customers?
2 - Since I am the one in charge of the ISO documentation, I would be the person responsible for compliance?
1 - Is it a fundamental prerequisite for certification in the standard?
2 - How deep should the mapping and documentation for the scope be?
3 - Overall, I still have a lot of questions about the topic "Organization context" and everything it should cover ...