I am using the Conformio site and want to know what departments would be involved in the ISO 27001. Would I list all the departments in my Company like Customer Support, Sales, Application Development?
ISO 27001 / GDPR ... What steps are left to becoming certified once the templates are completed? A review of the documents completed/stored?
We are a ***-based company that manufactures dental instruments, under the name of ***.
a) We export to EU and USA,
b) We do not sell by our own name
c) We stamp the brand or name of the company we export to on the instruments.
Now, we are in contact with a European company for acting as our EU AR.
They say: ***, by MDR definition, is not a "legal Manufacturer", as *** is not selling in the EU by its own name or brand.
So they cannot act as ***'s EU AR.
My questions are:
1. Are they right in their observation?
2. Do we need an EU AR or not?
3. If not, then what should we declare on the labels: *** as Contract Manufacturer?
Please help us and guide us in this regard.
Which document will be applicable for monitoring-related work? Like I mentioned, I need to preview and then purchase any document that will guide me on monitoring/managing an already certified program. Can you indicate which document will be applicable for review related to that?
With your permission, I have a question. Does ISO have a standard that links information security with teleworking or home working?
I have been asked a question regarding a customer showing to their customer that they have aligned the ISO 27017 ISO 27018 controls to the ISO 27001/ISO 27002 Annex A controls. Could this be entered on the certificate or mentioned in the scope statement if it was included in the needs & expectations of interest parties?
Please confirm if there is a difference between ISO 27002 and Annex A. I’m busy preparing to write the IS competence unit I failed and want to make sure that I have the right material.
One of our clients in the USA is already ISO 9001 certified, and we are supposed to assist them in the implementation of ISO 27001. I want to get your opinion on the documentation approach that we should follow. Should we work on integrating ISO 9001 and ISO 27001 by combining some documents, or is creating a separate set of documentation a better approach? What is usually followed by other organizations when they are already ISO 9001 certified and moving forward with ISO 27001 implementation? I have downloaded your document that clarifies the matrix between ISO 9001 and ISO 27001, but it does not give me enough clarity on what documentation approach should be followed when drafting in this scenario, where the company is already ISO 9001 certified and all documentation is in place.
Looking forward to hearing from you for the necessary clarification, and please suggest whether any integrated toolkit approach for ISO 9001 and ISO 27001 is available.
Can you explain more on RPO, RTO, BC strategies, Testing, and exercising?
Hi, just following on from the webinar last week regarding the Certification Process – which was very good, thank you – I’ve a couple of questions if that’s OK:
1 - Training / Awareness
Prior to the webinar we had been led to believe that our planned approach – namely:
- Publish the IS policy and notify everyone it is available – but not actually record who has read it
- Publish a number of awareness bulletins and encourage people to discuss them at team meetings
- Run a small number of online sessions whereby information on various aspects of ISO 27001 / Information Security is presented. The attendee list for these events would be retained
– would be sufficient. Would you agree with that or, as I think you implied, would the auditor expect that we had a more formal approach to training, with people being recorded against the training sessions they have completed?
2 - Internal Auditor
Is it mandatory that the internal audit is carried out by a certified auditor (whether that’s an internal member of staff who has been trained or a third party retained for the audits)? One thought was that, following the first initial audit where we would use a qualified third party, we would compile questions that would need to be completed for subsequent audits. Selected people would then take those questions round the business at the appropriate time – though they would not necessarily be accredited.
Any information you can give would be greatly appreciated.