Guest
Thanks for your continuous insight into Management Systems.
I have 2 questions on my mind.
1. Is there any document showing how to link policies? That is which policies are dependent on which policies?
2. How to show risks of inadequate leadership in a nice way
If we have identified a control in the SoA that is a legal requirement or a management decision to implement, can I document the associated tasks in the RTP, or should I create a separate spreadsheet to handle these?
Hi, I'm a customer with a question: is there anything specific regarding patching in the toolkit that we purchased? I see that the ISO standard has control A.12.6.1 Management of Technical Vulnerabilities, but I'm not sure this document is in the toolkit.
When I read ISO 27001 I had one question I wanted to inquire about: what is the difference between clause 6.1.2 and clause 8.2, as well as clause 6.1.3 and clause 8.3? Is it just a repetition of the information? Please explain. Thank you very much.
1. Can you please advise what the difference is between the EN and the cloud documents (screenshot below)? The READ THIS FIRST does not explain it. I checked the Table of Contents. Is it for different scenarios depending on whether existing systems are cloud-based or on-premise? Apologies, but I thought it would save time to ask.
2. Also, I can open the files on my personal computer, but when I copy them to my organization's network, they won't open even when I rename them. They must be blocked by our own security filters.
The question is: five clear objectives for certification that the university would like to achieve according to ISO 22301.
1. ISO 27001 Annex A - I have a question regarding A.14 System acquisition, development, and maintenance. We are a software development company. Does this part apply to the software we develop (as a business) or only to internal software we could develop, I mean for internal use?
2. ISO 27001 A.15 - May I apply this measure to critical IT suppliers only? Or should I apply it to all suppliers?
3. In Annex A, can we justify that we do not choose a measure by saying "company capacity is too light" or things like that?
Hi,
I have very limited time to conduct risk assessments - usually no more than an hour at most. I think it is important to hold a face-to-face consultation to capture the initial information, then follow up by e-mail for further details to cover the inevitable gaps.
How can I make the best use of the F2F time I have? What are the right questions to be asking when using a basic asset-threat-vulnerability methodology?
I appreciate this will be subjective and depends on lots of other factors - I'm just looking for a general approach at this point.
Thanks,
Brian.