Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Acceptable use policy
I have a quick question, the acceptable use policy.
1. When it is ready, can it also be used as information security policy? As a more detailed version?
2. And secondly, is it necessary that employees sign the acceptable use policy? Or is it good enough to communicate the policy within the organization?
-
Company records
Why is it not best practice to classify all company records as confidential?
-
27018 controls
Re ISO 27018, we have a substantial amount of our infrastructure in the cloud (Azure and Google). Do we need to apply any 27018 controls, or can we cite the compliance of Google and Microsoft with the ISO standards to check that box?
-
Risk analysis process
At the moment, I have a query. In my experience, risk analysis is a process that takes a long time to implement in companies (in some cases 3 years to make the first turn). And how do we know it starts and never ends. In this regard, what is the level of initial risk analysis that they recommend? taking into account that generally when an organization decides to implement the security policy as soon as possible.
-
Process diagram
1. I would like to know if there is an excel template to register a new change.
2. And the other thing is about the process diagram. I believe it is essential for that document.
-
ISMS scope - Networks and IT infrastructure
I just started to look into your ISMS scope template and video but 3.4 Networks and IT infrastructure not explained your video tutorial.
About my company: It's a *** based software development company (mobile apps and web development) and around 15 employees working in my company.
-
5.1 Leadership and commitment
1. What Template in our Toolkit contains this Clause?
2. Can we be compliant with this clause maintaining our Information Security Policy? If yes, what shall we give emphasis on apart from company Policies and guidelines?
-
A.18.1.3 Protection of Records
Does the Topic Protection of Records limit to the protection of ISMS documents only? If not, then what other Records of the Company needs to be protected and please suggest some ways of protecting it. -
Implementation of ISO 27001
Do you have a template for a copyright protection policy to meet the requirement of Annex A.18.1.2?
In your pdf list of documents, you point out that A.18 does not exist as a separate folder, but the content for it can be found in the following folders:
02 - Requirements identification process
08, A.8 - Management of values
08, A.10 - cryptography
Unfortunately, we cannot find a template for a guideline for A.18.1.2 in these foldersCan you please help us here and contact an expert?
-
Pricing a consultancy
I am new at Consulting but have been a business continuity manager for a large international financial institution for over 15 years until they moved their operations to *** in 2017. I hold the CBCP and ARMP certifications from DRI.
I am in *** and the market is small. How would you go about pricing a consultancy to prepare a business continuity plan for a small trust company that has 8 employees?
I would prefer to do the costing as a project rather than an hourly rate. Would appreciate your guidance.