ISO 27001 & 22301 - Expert Advice Community


  • Business continuity policy and objectives

    Recently ***, VP of ***, at our request, purchased the ISO 22301 document package in Spanish (with expert support) through order No. ***. We learned about this service when we took part in a webinar you gave recently. Thank you for the good product you have supplied us. At the moment we are working on the Business Continuity Policy document and would like to raise the following:

    We note that the template you propose does not contain a specific policy statement, as is the case, for example, with ISO 9001:2015. Likewise, under the heading Definition of business continuity objectives, these objectives are neither defined nor illustrated with examples; instead it refers to an internal document that is not among the templates supplied.

    Could you please provide us with written models for the business continuity policy statement and for specific business continuity objectives?

  • Information security in project management

    At what point does info security in project mgmt apply? As in, does this clause in Annex A apply to every company by default? What projects does it focus on?

  • ISO 27001 and ISO 27031

    How do you see the practical interlock between 27001 and 27031?

  • Explanation of Annexure 18 of ISO 27001:2013

    Could you verify if my below mentioned explanation of Annexure 18 of ISO27001:2013 is correct?

    ISO27001:2013 Annexure 18 Compliance: talks about regulatory and compliance breaches.

    If an organization outsources any of its processes under non-disclosure agreements and the 3rd party vendor gets involved in any kind of data breach, then the annexure control that states "Information security is IMPLEMENTED AND EFFECTIVE" is not complied with.

    Auditors should take this into account and look for any data breaches that were reported, not only in the audit period, but also whether any preventive action was taken after the last reported breach, and whether incident response action took place to control the damage.

    The number of data breaches occurring is telling a different story.

    Misuse or abuse of customer data is not a behavior issue. IT IS CRIME.

    End customers not reporting data breaches is a system vulnerability. This does not mean at all that third party vendors have not compromised customer data. There have been cyberattacks where local criminals and insiders or ex-employees were involved in the crime.

    The organization needs not only to audit its vendors for the policies implemented, but also to take strict action against every data breach that occurs and to report every breach incident regularly to the regulatory authorities.

    Your thoughts on this would be appreciated and enlightening.

    Thank you

  • Enterprise Data Centre

    Study the physical and logical requirements for an enterprise data centre, regardless of its size. What are the practical solutions?

  • SOC Reports

    Hello Dejan,

    I hope you are doing well.

    1 - I would like to ask you if you have some resources for learning about SOC reports.
    2 - Is it worth it if a company works on the ISO27001 controls and the SOC reports at the same time? Does ISO27001 cover the SOCs?