Guest
Could you verify whether my explanation below of Annexure 18 of ISO27001:2013 is correct?
ISO27001:2013 Annexure 18 Compliance: talks about regulatory and compliance breaches.
If an organization outsources any of its processes under non-disclosure agreements and a third-party vendor gets involved in any kind of data breach, then the annexure control that states "Information security is IMPLEMENTED AND EFFECTIVE" is not complied with.
Auditors should take this into account and look for any data breaches that were reported not only in the audit period, but also check whether any preventive action was taken after the last reported breach, and whether incident response action took place to control the damage.
The number of data breaches occurring is telling a different story.
Misuse or abuse of customer data is not a behavior issue. IT IS A CRIME.
End customers not reporting data breaches is a system vulnerability. This does not mean at all that third-party vendors have not compromised customer data. There have been cyberattacks where local criminals and insiders or ex-employees were involved in the crime.
An organization needs not only to audit its vendors for the policies implemented, but also to take strict action against every data breach that occurs and to report every breach incident regularly to regulatory authorities.
Your thoughts on this would be appreciated and enlightening.
Thank you
Study the physical and logical requirements for an enterprise data centre, regardless of its size. What are the practical solutions?
Hello Dejan,
I hope you are doing well,
1 - I would like to ask you if you have any resources for learning about SOC reports.
2 - Is it worthwhile for a company to work on ISO27001 controls and SOC reports at the same time? Does ISO27001 cover the SOCs?
What are the requirements for a company to obtain this certification?
1. How to understand the context of the organization
2. and determine the scope for implementation of ISO 27001:2013
I work for ***, which provides software and services to help companies do webinars. I'm trying to figure out whether certain companies whose services we use need to be on our Vendor Log, and whether we need to perform periodic vendor reviews for them, etc. It is clear to me that our key vendors and all vendors who interface with our software would need to be included. But what about companies like ***, who help us manage our social accounts? It is not clear to me where the line is in cases like this.
Thanks very much.
Trust you are well. My company is looking to implement an integrated management system with ISO27001, ISO20000 and ISO9001. We already have begun ISO27001 using the toolkit purchased from Advisera.
How do I begin integrating the other two ISO standards?
Is there a procedure that I can follow?
Can some of the ISO27001 mandatory documents be used for the other standards?