Guest
I am using the video tutorials to complete my downloaded documents. However, they do not align completely. I am currently looking at the ISMS Scope tutorial, and the document being used in it does not align with the document we have purchased.
In the file 00_Verfahren_zur_Lenken_von_Dokumenten_und_record_27001_DE.docx there is a comment from you: "Delete if the declaration of applicability precludes measure A.8.2.1 according to ISO 27001." Where are the measures? I have to read the measures first so that I can exclude them.
We are discussing the ownership of general procedures. We have a classification of information in my organization and we are pretty much ISO27001 compliant. I, as an IT auditor, consider that the "head" of the organization is the owner of the general procedures, which are applied throughout the organization. Do you find it correct?
I really like your book, as it is more detailed and clearly defines the meaning. But I have a doubt about one term, "Risk Deviation": what does it mean? I do hope you can help me with an explanation of this.
1. Regarding segregation of duties, I believe some jobs can't be combined (like the SO can't be the DPO?)
2. Are there specific combinations that are not done? We have these roles in the company, to be divided among 4 people:
Security officer (is also Risk manager & Authorization officer)
Internal auditor (external consultant)
Service manager (is also Change manager & Incident manager)
Security tester (outsourced)
Compliance officer
Solutions Director
DPO
3. Do you also have standard lists of the Responsibilities & Requirements of these roles?
I need to write up a draft of an ISMS document that meets the ISO 27001 requirement for an SME. Could someone please guide me on where I can find a template of one? Otherwise, can someone provide the headings that I should include in the document, please?
We need a "Diagram Assets of Threats".
Good evening, I am drafting a security plan for securing the information of an institution's IT platform. I would like to know the correct way to produce the necessary studies and the recommendation and applicability reports for the respective assurance.