ISO 27001 & 22301 - Expert Advice Community


  • Risk Assessment

    Our organization is ISO 27001 certified. Now we need to go for a risk assessment. I am confused, as our external consultant company is saying that they are using a Risk Assessment Matrix as per ISO 27005 & ISO 27001,

    whereas our newly hired auditor is saying that the external consulting company is wrong and we should use Nihari or Octavia.

    My question is: as an ISO 27001 certified organization, what should we use?

  • BAU activities

    I missed the live session but really enjoyed the recorded version. During the session, you mentioned that it is possible to ask from you directly. I have this project to get this company ISO 27001 certified, this is a small company in the *** with 3 employees in there, 2 developers in ***, and about 40-50 customer service agents in the ***. They are collecting medical records for lawyers and actually, the *** based team is carrying out the BAU work scanning the documents, etc. *** staff only do sales and management, so the operation is fully at a remote location. The persons there are not employees but like sole traders, using their own devices to access the company’s portal to manage the documents.

    We want to save money to limit the certification to the US company, so the auditors won’t need to visit the Philippines, however, the ISMS scope needs to be the operation and management of the medical record collection and handling service.

    I’m thinking of recommending to the client that we handle the BAU activities as outsourced, and we will set the controls from A.15.

    I would appreciate your input.

  • Evaluating the effectiveness of the procedure

    Hello! We recently purchased the ISO 27001 toolkit and I was wondering why the procedures state what to check when evaluating the effectiveness of the procedure. Where is that requirement from?

  • Recording ISMS Internal Audit Findings

    How can I record ISMS Internal Audit Findings?

  • ISOs 27000 and 22301

    Does ISO 27000 cover disaster recovery? Or is it required to use ISO 22301? Is it better to do a live consultation for this question?

  • Getting certification after risk assessment

    I researched ISO 27001 and this is the latest in the market. Could you help me by providing a bit about how we actually get the certification after the risk assessment? Like, how do we approach and plan it? I will be very thankful to you.

  • ISO 27001: ISMS

    I have implemented an ISO 27001 ISMS in an insurance company. Now they want to know whether they need any other cyber security framework to protect them from cyber threats, or whether the ISO 27001 ISMS framework is sufficient for them.

  • Project before implementation

    Our company's decision is to first check our compliance with ISO 27001. This is my project. I attended training as an ISO 27001 internal auditor and ISMS manager.

    So the scope of my project is to get the info on how and where we comply (gap analysis) and what we still need to do (plan for implementation). Based on this our management will decide to go into activities towards obtaining certification. This will be a separate project.

    Everywhere I can only find info on how to prepare a project for implementation, but not how to prepare a project for my scope. Can you please help me with this?

  • Statement Of Applicability

    Is there a rule of thumb (or best practice) as to how many controls from Annex A need to be sustained in the SOA (for smaller companies, i.e. 50-100 employees)?

  • Internal audit against all clauses of the standard

    This relates to ISO 27001 and internal audit. I represent a small organization that is implementing an ISMS and that has just gone through the Stage 1 assessment.
    The certification body insists that we should complete a full internal audit against all clauses of the standard as a prerequisite to Stage 2, and also annually after this. I cannot see anything in the standard that says we must do this.

    Is it OK to ask for your views on this?

    The certification body quotes ISO 27006 as justification. To put things in context, the company currently employs 12 people.