ISO 27001 & 22301 - Expert Advice Community

  • Logical return to work process

    I have been utilizing the ISO 22301 documentation extensively that I purchased via your company a while back. I used it to prepare our planning and it has proven very useful.

    There is one aspect I am struggling with, though, and I wanted to ask for your feedback. I cannot see a logical return-to-work process/checklist amongst the documentation. I am clearly thinking ahead to how our business will return to business as normal, but in a logical/structured manner.

    Is this something you can help with? Even better if pandemic-related?

  • Software Development Security

    I need some clarification with regard to the A.14 domain.

    1. Why does the ISO 27001 documentation toolkit from Advisera not have a template for “Secure Development Environment Guidelines”?

    2. We are a medium-sized organization where we do limited development, particularly customization of COTS software (Web Content Management {CMS} and Student Information Management {SIMS}). In this case, how do we analyze which A.14 controls will be applicable to our organization?

  • Business continuity in EU

    Hello, I am looking for laws and regulations on 'industry sector' and business continuity in the EU.
    I am interested in BC of critical infrastructures in a big industrial organisation.

  • Business continuity procedures

    Is this the right document template from the Toolkit for the mandatory document required by ISO 27001 for Business continuity procedures (A.17.1.2.):

    A.17.4_Business_Continuity_Plan_Premium_EN_WL.docx

  • ISO 27001 / ISO 22301 Disaster Recovery Plan

    Hi guys. I just bought the Disaster Recovery Plan and want to use it with combined ISO27k/22301/GDPR documentation that I'm working on. I noticed there are four documents. Which one would you recommend for this?

  • Risk treatment

    Regarding the theft of a laptop from a car, while the policy can prohibit leaving a laptop in a car, thus preventing probability of theft, how does a backup or encryption lower the probability of theft? It merely lowers the impact when the theft occurs, but not the probability of theft. The thief does not know the data is backed up or encrypted, and usually doesn't care because he most often is after the hardware for resale, not the data.

  • Excel Template Programming

    Where can I find details on what has been programmed into the Excel templates, and where is maintenance documented? Specifically, in risk treatment, how do I change the method, coloring and warning messages? Thanks.

  • Checklist ISO 22301:2019 content

    Hi!
    I was really happy when I found the "Checklist of ISO 22301:2019 mandatory documentation" since that contains what is mandatory and what is not.
    However, when looking at chapter 2 in the list, it says that a post-exercise report is not mandatory.
    When I look in the corresponding clause in the standard (8.5), it says:
    "The organization shall conduct exercises and tests that:
    ...
    e) produce formalized post-exercise reports that contain outcomes, recommendations and actions to implement improvements;"

    To me, this implies that a post-exercise report IS mandatory...
    Please elaborate on your interpretation.

  • BCP

    I need to know what components and structure are required to document a BCP from the ISO 22301:2019 perspective. I am not interested in certification at this stage; I am more interested in what my organisation requires in terms of the structure required to document a BCP. We already have a BCP in place, but we need to know from ISO 22301:2019 what it requires to document a BCP, and accordingly I will revisit what we have in house already.

  • Statement of acceptance document

    I have a question regarding the statement of acceptance document. It is stated that all employees need to sign this document; does this include the managing director and also non-IT employees? Also board members? Or do only IT employees of the organization sign the document?