Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Risk assessment
1. Do we need to identify the risk?
2. What are the differences between existing controls and planned controls and after which step we can identify them?
3. How we can fill these fields?
-
Internal audit
1. Must first internal audit be executed before certificate audit?
2. If so, must it cover every area or is it ok to audit some areas after certification audit?
-
Differences between Opportunities and Objectives
What are the differences between Opportunities and Objectives? E.g. when is it an opportunity and when is it an objective? -
Incident response training
What type of training should the incident response team have to fulfill their roles?
-
Toolkit content
I am looking for the scope for the BCMS. The 27001 toolkit is a combined toolkit for 27001 and 22301, but the scope fr 27001 does not seem to cover r refer to 22301 in any way. If you could clarify for me whether there are any other missing 22301 templates from the toolkit
-
Controls for Acceptable Use Policy and awareness
Are the controls for Acceptable Use Policy a guide in creating security awareness workshops for staff?
-
ISO 27001 certification coverage
We are a global company with branch offices up to 27 countries and soon to be more. That being said, if our office gets ISO 27001 certified, will the other branch office be certified and/or have the ability to say they are ISO 27001 certified?
-
Information security requirements
Can you help me with this query: What information security requirements should be included in contracts with suppliers?
-
ISO 27001 implementation
Can I implement ISO 27001 as a stand-alone system or should I also implement ISO 9001
-
Inventory of assets
Is it necessary to have a policy/procedure for asset management/inventory or is it enough to have the records showing the asset and the owners?