ISO 27001 & 22301 - Expert Advice Community

  • ISO 27001 examples of the acceptable evidence

    I am looking for a reference or book that gives examples of the acceptable evidence to provide during an audit for each of the ISO 27002 controls.
    Does "ISO 27001 Annex A Controls in Plain English" provide this?

  • Toolkit content

    1. Wondering a bit about the organization of files. We have a list of policies we need to write first; one is "Information Security Awareness, Education & Training", which I find referenced as A.7.2.2.

    Yet when I go into the folder below, where I expect to find it, there is no A.7.2.2 document: …27001_EN\08_Annex_A_Security_Controls\A.7_Human_Resource_Security.

    There IS an A.7.2_Statement of Acceptance.

    2. Also, the following are policies we need; however, they seem to point to no specific document. Where would you recommend we add these?

    Patch Management Policy – in A.8.2 – IT Security Policy?

    Information Security in Project Management – where to discuss this or assign project manager responsibilities?

    Separation of Development, Testing & Operational Environments – listed as A.12.1.3, but I am not sure where to create it, as I can't find any sample wording.

  • Copy of the ISO/IEC 27001 standard licensed document

    I am trying to determine if all employees are required to have a copy of the ISO/IEC 27001 standard licensed document, or is it sufficient for Management to have the standard licensed document only. In our business, the standard is translated to policy.

  • Consulting

     We received this question:

    Cordial greeting!
    I need to carry out an assessment of the Business Continuity Plan (ISO 22301) and the information security management plan (ISO 27000) for a company in the health sector. Could you recommend a bibliography?

  • Objectives documentation requirements

    In an ISMS project, should there be a separate document for high-level information security objectives and another for low-level objectives? High-level ones in the Information Security Context, Requirements and Scope document, and low-level ones in the ISMS Policy document?

  • A.6.2 Mobile Device and Teleworking Policy

    Our team has recently started to look into the documents from the package.
    At this moment I am trying to start working on the “A.6.2 Mobile Device and Teleworking Policy”. In this document, there’s a point which says:

    "protection of sensitive data must be implemented in accordance with the [Information Classification Policy]"

    Can you please provide some guidance here on what we should add to the Information Classification Policy, or what kind of techniques can help us implement this process?
    Can you please help us with this document as early as possible.

  • ISO 27001 Security Awareness Training

    Hi,

    Can your awareness training cover some of your controls without the need to document further? Say, for instance, I have a slideshow presentation and it covers media handling. Is it OK to say that the control is selected in the SoA and reference out to the training document?

    Thank you,

  • A.14.2.5 - Secure System Engineering Principles

    As per ISO 27001, "Secure System Engineering Principles" is a mandatory document. I went through multiple threads on https://community.advisera.com as well. Is there any specific reason why Advisera doesn't provide a template for it in the Toolkit, in spite of it being a mandatory document?

  • List of regulatory, contractual and other legal obligations

    I noticed that in some comments on the templates, the links to videos or articles that clarify how to fill in the document correctly are broken, especially those from *infosecpedia.info domains and in some cases from *iso27001standard.com.

    I would like to know what to put in the columns of the "List of regulatory, contractual and other legal obligations".

  • RACI matrix for ISO 27001

    In order to establish the responsibilities of ICT and Information Security, I would like to know whether you have perhaps already prepared this kind of document. Thank you very much.