Guest
Do we need to certify to ISO 27001 and TISAX since we already are certified to ISO 27001 for the past two years? We provide global engineering support to the automotive industry.
I have a question around the SOA controls. Our company was certified last year on ISO 27001 and we have the surveillance audit coming up.
1. What happens in the case where we realize that some SOA controls that were marked as N/A during last year's audit could actually be applicable...
2. What impact will it have on our surveillance audit?
3. Would we need to recertify before going for the surveillance audit?
In the Project Plan template, it has a place to enter a date for the Final Presentation of Project Results.
Who is this presentation to and should it be done before or after the self-audit?
We are currently working on a gap analysis, but I can’t seem to find much information about that, regarding the ISO 22301.
I am sure it is like ISO 27001 but do you also happen to have more resources or templates about gap analysis for 22301?
Maybe I just missed it from the template packages.
With reference to the document ‘A.8.2_IT_Security_Policy_Premium_EN’ under ‘3.13 Internet Use’:
Is it mandatory to define access to the Internet, only through organization and not direct access?
If yes, how do we restrict/ define actions for email services, cloud platforms which in general are accessible from the direct network?
If no, what set of restrictions are defined to comply with the requirements of ISO 27001?
Please let me know if more clarification is required.
1. Since we already have the templates for the topic “Non-Conformity 10.1 and 10.2” in our toolkit, could you please give some examples of kinds of non-conformity?
2. Can the main deviations marked by the Lead Auditor in the pre-audit be taken as non-conformities?
I purchased your ISO 27001 document toolkit, along with various books.
With regard to the risk assessment, it’s my first time doing this exercise – while the training & templates are useful, I am a little concerned I’m making it more complicated than it needs to be for a business of our size.
As with anything, there are levels of detail you can take it to, and I suspect I might be going too deep.
I was wondering if you had any real example risk assessments for a small/medium-sized *** company that you think are good and would be able to share with me (even if they are a little old)?
While the theory and examples are useful, I think seeing a real one would help me measure the depth required and if I’m on the right track.
1. How can we create an ISO 27001 security-driven culture in an organization?
2. What are the success factors to ensure ISO 27001 compliance?
How does ISO 27001 ensure productivity and surpass performance targets?