Guest
Our organization had purchased the ISO 27001 from Advisera last year. I am in need of your assistance pertaining to the ISO 27001 packet and the documents within.
While implementing elements of ISO 27001 A.5 and A.8, a few of my results pointed to the following documents/forms; however, they are NOT available in the ISO 27001 packet we purchased.
How do I obtain the following list of documents so that I may complete my asset management and controls?
A.7.2.1 - Management responsibility
A.8.1.3 - Acceptable use of assets
A.9.1.1 - Access control policy
A.12.3.1 - Information backup
A.13.1.3 - Segregation in networks
What are the measures which should be followed in a chemical lab for assuring the quality of the test?
I have a query in the “IT Security Policy” document.
3.6. User Account Responsibilities
The user must not, directly or indirectly, allow another person to use his/her access rights, i.e. username, and must not use another person’s username and/or password. The use of group usernames is forbidden.
Query: As per the clause ‘A.9.3.1’ the individual users shall have and secret authentication information. We are a manufacturing firm and use shared assets.
1. How do we comply with this clause?
2. Is it necessary to have written on this clause in the policy?
I have a meeting next week, on the 27th, with the *** where I have been selected to present a technical overview to adopt the standard officially in *** for our Banking Sector and Auditing Firms. If I may ask, what would you suggest as a good platform to present to them a foundational background and why it is important for any organization to adopt the standard?
Does the new ISO 22301:2019 make ISO 22317:2015 obsolete?
In the new version of ISO 22301, risk assessment is connected with BIA.
I am considering adopting ISO standards for HR Policies. Can you tell me why I should adopt ISO standards for my HR Policies?
1. I want the process of maintenance after an organization is certified with ISO 27001.
2. How to maintain the documents, policies, procedures, etc. related to the ISMS?
How do I know I have listed all assets for the risk assessment?
Our company is ISO 27001-2013 certified and also attested 27018 and 27017.
The question is: if we move our apps into the cloud, will this revoke our certificate - we cannot claim that we are ISO certified?!
My personal opinion: no, we are still certified and will continue to be certified as long as all our security controls are in place and we are taking all necessary measures and keep monitoring the effectiveness of our controls.
I'm trying to figure out costs in relation to certification. I know there is a documentation cost (if we choose to go that way) and then there is a certification cost. However, I am struggling to get a sense of the total cost. We are a small *** company (less than 12 employees) providing a SaaS from a cloud hosted environment. For budget purposes, I just need a ballpark figure.