Guest
I'm a little bit confused with some terminologies such as:
1. Process.
2. Activity.
3. Procedure.
4. Function.
5. Policy.
Could you please explain these terms giving some examples?
According to your calculator (Duration of ISO 27001 / ISO 22301 Implementation), we would need 8 months for an ISMS or BCMS implementation. How long do you estimate if we implemented both at the same time? Would you recommend implementing the ISMS first and then the BCMS, or both at the same time in order to use as many synergies as possible?
I ask the same questions regarding ISO 27017 and ISO 27018. Should these be implemented at the same time, or is it better to follow them up after ISO 27001?
In my company, we want to establish ISO 27001 for the whole organization. We develop, establish, and support ERP solutions. The ERP uses some web services (microservices or APIs) from third parties, some of which are licensed and others free. Do web services affect the ISMS scope?
Also, should we consider the risks of using the APIs in the risk assessment process (like access control, malware analysis, monitoring, ...)?
How much time does an organization need to implement ISO 27001 after a Lead Implementer workshop?
1. To meet the ISO standards for Operations Security and Security Incident Management, is the implementation of a cybersecurity tool necessary?
2. How much history of "records" is needed to show the auditor evidence of newly formed operational processes?
3. Typically, once the ISMS prep is completed, how long after can a company get certified?
4. Typically, for a small company, less than 20 employees, 5 sites, how long does ISMS project take?
5. What are some examples of the information assets for the inventory list of a small company?
I'm looking for certifying bodies for ISO 27001. PwC is one, but I am looking for two more to get a quote from. Preferably located in ***. Any suggestions?
1. What is the role of the lead auditor and lead implementer in ISO processes?
2. Should an organization have such persons?
How to Perform Risk Assessment
Greetings. I am doing my risk assessment and I have some doubts about it.
For example, one of my assets is the server, and the threats to it are several, for example fire, flood, etc. If I have already reduced those threats by installing a fire suppression system, alarms, extinguishers, an isolated room, etc., do I have to incorporate them into my assessment, and then assign them a value that would result in acceptable or unacceptable? Or is the risk assessment done with what is already implemented?
Hi all,
1 - Are the documents covered by the document control policy only security-related ones (e.g. regulations), or any company document?
2 - Is there a clear definition of external documents? The concept seems nebulous. Maybe a sample policy we can look at, with some examples of what other organizations do, would help.
3 - For example, an email is an external document, so would someone be tasked with archiving emails somewhere under this policy?