Guest
What can be done to get the company on board to build an IS-responsive culture and to be proactive in this matter?
We want to make some changes to our policy before our first surveillance audit. We have the ISO 27001 certificate now. Can we simply change the policy on our own without informing anyone?
Are we allowed to change ISMS policies on our own?
When defining asset ownership, would it be correct to set the company board / managers as the owners of some of the assets such as contractors or employees?
I want to know how to document network controls when we don't have a specific server for our company connecting the computers.
All our databases are cloud-based, so we don't require a server. Can I exclude A.13.1 fully?
1. I would like to implement ISO 9001 + 27001 (+ 27002 + 27031) + 22301 (+ 22313) all at the same time within the same company. I know there is quite a lot of overlap between these standards, but what would you advise we use as a starting point? Should we start with 9001 and add on all of the additional requirements from the other standards? Or start with 27001...? What would you recommend?
2. Is there some sort of overview available of the overlap and differences between these standards?
We have the following question, to find out whether this resolves it.
On behalf of IT and Risk management.
1. The organization already has an enterprise-wide risk analysis manual. How would it be integrated with the information security risk assessment and treatment methodology? Could we have 2 manuals, or could they be integrated into 1 by adding a section?
2. The organization already has an IT risk analysis manual, but it is different from the methodology you developed. Would IT risks be different from information security risks? Could we have 2 different manuals, or integrate and unify it with the Advisera document?
Note: The questions basically come down to this: the technology and enterprise risk areas each have part of the content in their methodologies, but how would the integration or use of the manuals with Advisera work so that it does not affect the current documentation?
I work in the security and cybersecurity area; I am the officer in charge, but I do not want to have conflicts with those two areas, which follow methodologies that are not 100% ISO 27001, although they have some elements of it.
I downloaded the document forms (ISO 27001/ISO 22301 Toolkit demo) and have a question:
Because I just need a BCP for a manufacturing plant, are the forms suitable for companies in the manufacturing sector?
Hello, I'm trying to find out if ISO 27001 requires a company to have maintenance logs of all systems or whether this is optional?
My company, ***, is already ISO 9001 certified. This certification is handled by a group in Operations.
I am in IT, and we are looking to implement ISO 27001 (we have purchased your templates). There are some similarities; what documents can I reuse from 9001 in 27001?