Guest
What measure indicates to me a risk of failure in governance of the ISMS? For example:
The number of communications from the board of directors relating to information security, or the % of board meetings that did not address security issues.
What else can I indicate? Thank you.
In the white paper Checklist of Mandatory Documentation Required by ISO/IEC 27001 (2013 Revision), the Supplier Security Policy is marked mandatory, but List_of_documents_ISO_27001_ISO_22301_Premium_Documentation_Toolkit_EN.pdf marks only A.15.2 Security Clauses for Suppliers and Partners as mandatory? Am I reading this right? My customer wants to combine the Supplier Security Policy with another document, and that's why I'm asking.
Seeking your help on the specific questions below. Please respond to these queries:
1) Difference between the keywords 'resume' and 'recovery' with respect to ISO 22301.
2) Difference between RTO and MAO as per ISO 22301. I have read the definitions in the standard, but it looks like both are the same and the only difference is the wording of their definitions. Please give a detailed response, as these are very confusing. Also, is MAO >= RTO always?
3) Difference between a Crisis Management plan and a BCP, and the relation between them.
4) Difference between crisis, disaster and incident, along with examples.
5) Difference between Resiliency and Business Continuity/BCM.
6) Difference between BCP and BRP (Business Resumption Plan).
My name is *** and I am the Quality Assistant of our *** Manager, ***.
I will be investigating the implementation of ISO 27001 with a group of colleagues and will report to *** accordingly.
First, I'd like to thank you upfront for sharing your expertise and the information below, to hopefully help us decide to purchase this toolkit.
We are very interested in your toolkit below, yet some topics crossed our minds that we are curious to know about before purchasing.
Since we are already certified for ISO 13485, I was wondering how this could be of advantage to us in implementing the ISO 27001 standard.
Therefore these questions were raised:
1 - For instance, would it be sufficient for us to adjust certain procedures we already have because of this? Besides creating new ones that are required, of course.
2 - Is integrating ISO 27001 into our Quality Management System possible?
3 - Does a gap analysis exist between ISO 13485 and ISO 27001, and if so, has it already been made?
4 - Is this kind of information also addressed extensively in your toolkit?
What do most people find most difficult to implement?