ISO 27001 & 22301 - Expert Advice Community


  • Alternative site for operational continuity

    1. I would like to know which elements should be considered when designing the layout of the alternative operational continuity site.

    2. What type of office equipment should be installed at an alternative site for operational continuity?

    3. What do good practices say regarding the layout design of the alternative site and the equipment to be assembled there?

  • Risk assessment

    Thank you for your recent reply – this was very helpful.

    I’m back with another question:

    As I understand it, the risk assessment is used to identify which assets/threats call for the implementation of controls due to a high risk score. This is helpful in order to know which controls you will have to implement. My question is this:

    "Can" I document and implement, let's say, an "Acceptable use of assets" policy (Annex A control A.8.1.3) even though nothing in my risk analysis points to the need for this? Or should all controls/policies be implemented based only on what is found to have a risk score of 3+ in my risk analysis?

    I hope this makes sense. If not, please feel free to ask clarifying questions.

  • BCP Plans and procedures

    Hello,

    I have completed the phases below:
    - BIA
    - RA
    - CONTINUITY STRATEGY

    I'm now doing the BC Plans and procedures phase:
    - Crisis and communication management - DONE
    - BC plans and procedures - ongoing; I am designing a document model

    I need help writing the model so that I can use it for all structures of our organization.

    Thank you so much for your help

  • Time-frame to be ISO 27001 compliant

    I would like to know how long it takes to make a startup of 5 people ISO 27001 compliant, and how much it costs.

  • ISO 27001 Certification for Travel agency

    What is the relevance of a travel agency getting 27001 certified?

  • ISO 27001 and alignment with other ISO standards

    Hi! Just a question regarding ISO 27001. Does that fit in to the common structure of ISO 9001 and 14001 too?

  • Evidence of competence

    Hello dear Advisera Team,

    1. Should evidence of competence be related to Information Security, or IT, or something else? Which competence do we have to justify? Should we have the evidence for everybody, or only for, e.g., the IT Manager or Admins?

    2. What if we have an online learning platform with Data Privacy Training, but only half of the employees have completed that training? I don't think it is enough; can it raise a non-conformity?

    Thank you!

  • Risk Assessment Method

    Can I use the CIS RAM as my Risk Assessment Method for implementing ISO 27001:2013? I feel very comfortable using that method but need to know if it is appropriate to use it with ISO 27001. Or is the best scenario to use ISO 27005:2018?

  • Customer management

    I would like to know why ISO 27001 has "Supplier Management" but does not have "Customer Management".

    How should I align with or secure my customers within my ISO 27001 implementation?

  • Data retention

    It would be great if you could tell me whether ISO 27001 or other standards require companies to remove customer data after the contract is finished. Actually, I don't mean personal information, but mostly data which data analytics teams use for machine learning, model training and so on. I am looking for data retention requirements for B2B businesses.