Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Distance between server sites
I am looking for either regulation or recommendation for the distance between the primary and disaster recovery location of the server sites. Is there any?
-
Global background checks
Hello, do you have guidelines for Global background checks? based on country, region and local laws How they impact in complying with the certification
-
Query on documents for ISO 27001 & ISO 9001
Hi I have recently taken on a new role as MS coordinator in Logistics Software company which has an IMS 9001 and 27001. Do the required document lists for the individual systems still apply for an integrated system or can some documents be combined? Many Thanks your site has been really useful and has helped me clarify several queries.
-
Is AWS 27001 sufficient to show security?
I run a video consultation company (***), which works via desktop and mobile apps with data being stored in the cloud (AWS which has 27001), is AWS 27001 sufficient to show security or do I need to do additional things? and if so What. We are a small start-up so funding is very limited or zero!
-
Risk Treatment
I am very new in this field (IT Security ISO 27001) and my biggest issue is to understand how can I improve my knowledge and use for the praxis because I have good knowledge about ISO27001 but I don't have any idea how can in use that in praxis.
For example when I have scope and SoA documents how can I implement to the praxis with help from ISO 27001 and create a risk analysis, Risk treatment, and so on.
It would be very grating if you have some advice for me.
-
ISO 27001 scope
1. We use a third party to provide infrastructure for our product (Installation sits on an AWS Server). On the Scope document, what would we put under “Location” for these servers that are provided by a third party?
2. What would we count as our assets regarding these servers that are provided by a third party? These servers are accessed by our staff to do our work using any laptop that is available to us, provided that the IP is cleared by our CTO to access the servers
3. Do we need to reference anything from the Third Party provider? Where will it be referenced in the ISMS?
4. Can you give examples on how regulations, like GDPR, translate into a policy or procedure – like a specific rule in the Information Security Policy Document. I just want to see an example of the wording pattern in a policy where a regulation is referenced.
5. Let’s say the scope of ISMS for now applies to the Services that we provide that are hosted in a third party provided server. What would be examples to exclude?
-
Gap analysis
Does you toolkit have provision for gap analysis?
-
Assessing the infosec requirements for new ict systems
Kindly explain the meaning of Assessing the infosec requirements for new ict systems
-
Implementing information security continuity
I have two questions. First, about SoA and selection of control A.17.1.2 Implementing information security continuity. 1. In ‘06 Statement of Applicability’ > ‘Implementation method’ is [Business Continuity Plan] while In the ‘List of Documents ISO 27001 ISO 22301’ there is marked that ’Appendix 6 – Disaster Recovery Plan’ is mandatory document for A.17.1.2. I may have understood this wrong, but I am confused what one should choose to document if A.17.1.2 is seemed applicable? 2. Second, if one should seem that Disaster recovery should be in place in the Company but A.17 Information security aspects of business continuity management are not applicable, should one use only ’Appendix 6 – Disaster Recovery Plan’ to document recovery? -
Executives involved in ISO 27001
1. How and which Executives need to get involved in ISO 27001.
2. Which documents need to be overseen by them specifically?