ISO 27001 & 22301 - Expert Advice Community


  • Lead Auditor Certification

    Hi. I want to pass the exam and obtain the ISO 27001 Lead Auditor certification. I have experience, and I am planning to take your course and pass the exam. I already have 1 certification body. In which time frame is it possible to "have experience in at least 3 complete ISMS audits

  • 22301 implementation with scope of IT department only

    Dejan, I have a client who would like to implement ISO 22301:2019 and certify, but only within the IT department initially (they might want to extend the scope in the future). My question is: would they be able to do this if they only consider the products and services offered by the IT department to its internal customers within the rest of the company, OR do they have to consider the products and services that the company delivers to its external customers?

    My question is about a process for conducting a BIA

  • Internal Audit Report - numbering non-conformities

    One first question. Wouldn’t it make sense to number the non-conformities in the Internal Audit Report so we can track them?

  • Alternative site for operational continuity

    1. I would like to know what elements should be considered when designing the layout of the alternative operational continuity site.

    2. What type of office equipment should be installed at an alternative site for operational continuity?

    3. What do the good practices say regarding the layout design of the alternative site and equipment to be assembled?

  • Risk assessment

    Thank you for your recent reply – this was very helpful.

    I’m back with another question:

    As I understand it, the risk assessment is used to identify which assets/threats call for the implementation of controls due to a high risk score. This is helpful in order to know which controls you’ll have to implement. My question goes like this:

    “Can” I document and implement, let's say, an “Acceptable use of assets” policy (Annex A control A.8.1.3) even though nothing in my risk analysis points to the need for this? Or should all controls/policies be implemented based on what is found to have a risk score of 3+ in my risk analysis?

    I hope this makes sense. If not, please feel free to ask clarifying questions.

  • BCP Plans and procedures

    Hello,

    I have completed the phases below:
    - BIA
    - RA
    - CONTINUITY STRATEGY

    I'm now working on the BC Plans and procedures phase:
    - Crisis and communication management - DONE
    - BC plans and procedures - ongoing, working on a document model

    I need help to write the model that I can use for all structures of our organization.

    Thank you so much for your help

  • Time-frame to be ISO 27001 compliant

    I would like to know how long it takes to make a startup of 5 people ISO 27001 compliant, and how much it costs?

  • ISO 27001 Certification for Travel agency

    What is the relevance of a travel agency getting 27001 certified?

  • ISO 27001 and alignment with other ISO standards

    Hi! Just a question regarding ISO 27001. Does it fit into the common structure of ISO 9001 and 14001 too?

  • Evidence of competence

    Hello dear Advisera Team,

    1. Should evidence of competence be related to Information Security, or IT, or something else? Which competence do we have to justify? Should we have the evidence for everybody, or only for the IT Manager or Admins, for example?

    2. What if we have an online learning platform with Data Privacy Training, but only half of the employees completed that training? I don't think it is enough; can it raise a non-conformity?

    Thank you!