Guest
I have a question regarding the policies and standards that will be customised. Are the templates mapped to the NIST and CIS 20 requirements?
Please advise regarding the below
As a data processor, what is the legal basis for processing the data, noting that we need to process the data to provide our services to the data controller, that consent is not obtained on our side, and that we don't sign a contract with the data subject; however, we do sign one with the data controller.
Kindly help guide me on whether ISO 27001 is the right path for my career. I have a total of 6.5 years of experience in the telecom domain, and I have currently moved into a Telecom Security Engineer role.
"List of all the controls from Annex A and any additional controls that might be identified in the risk treatment process"
"All the controls from Annex A" means the 114 controls.
So this should be false, yet the quiz considers it true.
I know it means the SELECTED controls from Annex A, but that is not what is written.
Hi Advisera,
A lot of records (e.g. the Risk Treatment table or the SoA) that should be created and managed are supposed to be in PDF format according to the templates. I understand that. But there is a version history in Office 365, so we can check whether there were any unauthorized changes. Is that enough, I mean storing the records in Excel or Word form, not PDF, but with version history turned on?
ISO 27002 requires (in control A.13.1.1): "Networks should be managed and controlled to protect information in systems and applications".
I am interested in items f) and g) in particular.
What is meant by "systems on the network should be authenticated" / "systems' connection to the network should be restricted"?
What is meant by "systems"?
Can you please give me some examples for better understanding?
Hi. I have been working as a part-time consultant for *** for close to 6 years now.
However, a friend told me about Lead Auditor late last year and really got me interested.
I do not have experience in Information System Security or a lot of Information security given that *** is a LIMS company.
Please advise how I can change my career to Lead Auditing from Laboratory Information Management Systems configurations.
I wonder whether you could advise me. We are planning to have an ISO 27001 assessment, but the assessment team is planning to audit the business function assets as well. However, as far as I know, ISO 27001 deals with corporate functions only (workplace, HR, IT, procurement...). Could you let me know whether my understanding is correct? Is there an article already written on this, please?
How would you approach preparing for an audit taking place in 8 weeks? What would you prioritise, and how would you ensure non-conformities are minimised?