Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Table Top Exercise /Drill Validity in meeting ISMS Certification
"Our organization has achieved ISO27001:2013 certification for few years back for a Data Center (DC). Recently, we have established a Security Monitoring Center (SMC) and we are exploring to have the SMC being certified with ISO 27001.
We are considering to extend the existing DC ISMS Certification scope to the SMC or to have the SMC to gain a separate ISMS certification.
Below are my doubts that requires your expert advice:
a) Would it be fine to have the same ISMS team who take care of DC ISMS certification to manage the SMC ISMS Certification programme?b) Would it be fine to deploy the existing relevant DC ISMS SOPs to the SMC ISMS Certification? Meaning that we maintain a single set of SOPs but to be used for two separate ISMS Certification;DC and SMC respectively.
c) What are the advantages and disadvantages to maintain a single ISMS Certification for both centers versus each center has its own ISMS certification?
-
ISO standard for Data Governance
Kindly let me know if there us any ISO standard for Data Governance, I am specially looking for guidelines that need to be followed when sharing data with internal departments and external entities. -
Information Asset Register
How crucial is the creation and ongoing management of the Information Asset Register in obtaining ISO 27001 certification?
-
Project to implement ISO 27001
¿Cómo plantear y vender a nuestro cliente el proyecto para implementar ISO 27001?
Estamos en la *** -
Combining ISO 27001 with other standards
Con qué otras ISOs se podría complementar?
-
Help with ISO 27001 implementation
Dear Advisera Support Team
I have just purchased your "ISO 27001/ISO 22301 Risk Assessment Toolkit English" because I really find your concept practical according to the free downloadable materials on your website. Unfortunately after having looked through all the contents of the package, I am not fully satisfied with the purchase while expected more examples related to the asset-threat-vulnerability approach as written here in this site:
Diagram of ISO 27001:2013 Risk Assessment and Treatment process (advisera.com)
Could you please help me out? What I am looking for is more examples like this, something like a collection which ISO controls could address which threat and vulnerability types, a matching table would really help me. I would like to seek your support and advise here, especially when the assets would be infrastructure elements like a Domain Controller or a VPN gateway. -
The best way to include “evidences” of policy implementation
Thank you for this mail. I’m currently beginning redaction of the first documents and follow your online training. As I’m very satisfied of both , I’m also studying the opportunity to take a company account on advisera training for our employees awareness training.
After hours of reading and watching the very complete content of your website (blog, videos…) I don’t have any questions requiring a meeting, except one you could surely answer by email : what Is the best way to include “evidences” of policy implementation (screenshot, configurations … showing that a rule or control is implemented) ?
- put them in a folder listed in the record part of the document (one folder by audit date ?) and put link to invidual files in the document (difficult to handle as folder is not always attached to the document, especially when sent to employees who don’t need to have such evidences)
- put them in aforementioned folder, but without any link ? but this way it could be difficult to see which file corresponds to which rules/ controls
- other way ?
Once again, thank you very much for the quality of your service