Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Register of Requirements
Can you provide me with how to write contracts and regulations for contracts, and is it between IT management and other employees in the same company?
Another question, for example, Microsoft a software company (license and terms of use) the contracts between the IT department
Another question, for example, Microsoft a software company (license and terms of use) the contracts between the employment in compatibility? Please write an answer with details How to structure writing contracts with examples.
-
ISO 27001 and minor non-conformities
We had a question come up regarding ISO 27001 and minor non-conformities. I’ll enter it below hoping that someone from the training team may be able to answer it for us.
Question we have;
We have a certified facility that had a few minor non-conformities during its last surveillance audit.
The audit provider gave the ISMS team until June 2023 to address them. They had 90 days to supply a fix.
Did that mean they needed to report back to the auditor with the remediation by June?
Or do they need to provide evidence that they were addressed by June at their next Audit coming up in March 2024?So, does that ISMS team need to proactivity reach out to their auditor with the evidence that the non-conformities have been fixed?
-
Labelling information
Quick question on the requirement to classify and label information. Are we expected to do this for all historical documentation as well as documentation moving forward?
-
Infosec responsibility for BCP from an IT perspective
is it logical to have the IT responsivity on BCP led by the Infosec team?
-
Question around contractual and legal requirements
Will the organisation have to go through each agreement and determine? If so, this may be a time consuming exercise?
-
ISO27001-cryptographic control
1 - Would you be so kind to explain to me why I see differences between your explanation here: https://advisera.com/27001academy/how-to-use-the-cryptography-according-to-iso-27001/
and my paper version of 27001 - there is Cryptographic control defined under A.10.1.
I have iso 27001:2013
In your text there is mentioned A.8.24
2 - my second question is - can you recommend me any webpage where can I see any example of cryptographic control. thank you
-
Migration from the 2013 to the 2022 documents
I am currently working on a project with a client attempting to get them ISO 27001:2022 certified. The project started in mid 2020 and we took over the project late last year and are using the 2013 version of the templates however, we are not sure whether we need to use the 2022 transition documents to update their project or whether we can stay on the 2013 iteration of the standard for their certification later on in the year.
If you need any further context regarding the project, please let me know.
-
Is your ISO 22301 toolkit covering ISO 22361?
Could you please confirm whether you have Implementation Document Toolkits for ISO 22361:2022 - Crisis management — Guidelines and ISO 22316:2017 - Security and resilience? Or is your ISO 22301 Toolkit covering these requirements?
-
Latest version of Statement of Applicability
What is the latest version of Statement of Applicability? Have the controls changed since 2017?