ISO 27001 & 22301 - Expert Advice Community


  • Control A.14.3.1

    I want to ask you other questions:

    1) I understand that the CISO performs internal audits in a company, but who should audit the CISO?

    2) Our company is dedicated to selling ERP in SaaS mode (software as a service). How should control A.14.3.1 (Protection of test data) be implemented? ... Is it necessary to obfuscate the information of customers who are in the database?

  • Classification of digital information

    I am a journalist and communication specialist. I have experience in media and also in the area of communication advisory in public agencies. I would like to know the best way to classify information, from a communications point of view, in the communication offices of municipal governments under the new administrations?

  • Specific legal requirement/protection by implementing ISO 27001

    What is the specific legal requirement/protection we'd have by implementing ISO 27001?

  • Mandatory controls for SoA

    Hi. I've recently bought your template pack for ISO 27001. I was told I could just send you a message if any questions popped up. Right now I'm about to do the SoA, but is there anywhere I can find the full list of all 114 controls? And can I somehow see/know which of them are mandatory to implement?

  • Differences between ISO 27001 and SOC 2

    What are the main differences between ISO 27001 and the American certification SOC 2?

  • Conducting implementation/audit using ISO 27001 and ISO 27701 simultaneously

    How does one conduct an implementation / an audit using ISO 27001 and ISO 27701 simultaneously?

  • ISO templates - HR Policy

    Can you please help me to find my HR Policy and Awareness? I couldn't locate it in the templates.

  • ISO 27001 Risk Assessment

    When initially identifying risks in a Risk Assessment, is the assessment done based on existing and implemented controls, or is it as if no controls are currently implemented? For example: if the Threat is fire in an office building, would the Vulnerability be “no fire protection” even if the building already has fire extinguishers and a sprinkler system? Or should fire not be listed in the Risk Assessment since it’s no longer identified as being a Threat? Thank you.

  • Reconciling Incident SLA vs RTO

    As you know, RTO values tends to be higher as disruption levels goes up in scale while in IT Incident Management, the response time or SLA becomes lower. For example, in RTO, if a disruption is on a facility level the RTO would usually involve hours. In IT, the facility level disruption would require IT engineers to work as quickly as possible to restore the services. What are your thoughts on this? A P1 IT incident would have to be resolved in minutes while in BCP a P1 incident would entail a higher RTO.