ISO 27001 & 22301 - Expert Advice Community

  • Annex A.14.2 controls

    I have a question that I cannot get a clear answer to.  I hope that you can help.

    My customer develops a software product for its customers.  They do not, however, carry out any software development for themselves.  All of the systems that they use in-house are commercial-off-the-shelf packages like Office365, Slack, PeopleHR, and Xero (all of which are SaaS applications).  They do not customise the code at all.

    We are trying to establish whether or not they need to apply the Annex A.14.2 controls as these are aimed at "developments within the organisation".

    Do you have any thoughts on this?

  • ISO 27017 and ISO 27018

    The ITU recommendation: do we need to prepare any separate documentation for these, or are the controls included in the standard?

  • Psychology within the scope of risk treatment and analysis

    Thanks for the update on the course. I have a project that is still in development and I was wondering if you had any information on the issue of psychology within the scope of risk treatment and analysis. If we're going to build the profile of a job that contains a risk at any level, either within the task sequence or the individual assessment of the task, how do we determine the responsible strategy of analysis of the situation?