ISO 27001 & 22301 - Expert Advice Community


  • ISO 27001 data center control requirements

    I have a question: what are the ISO 27001 data center control requirements for facilities and operations?

  • Implementing ISO 27001 in different countries

    We have a company with locations in 3 countries: Germany, Italy and the UK. Of course, we registered our company under 3 different legal names based on the country. So the main name is always the same, but based on the country the name has a different name extension and is therefore slightly different in each country. We want to get ISO 27001 certified in all 3 locations/countries. Do we now need to do 3 audits, one in each country? Or is it enough to implement in all 3 locations and only do 1 audit which will cover all 3 locations? What possibilities do we have? Any advice?

  • Screening requirement

    Can I use a sampling method to meet the personnel screening requirement of ISO 27001:2013?

  • RTO and MBCO and MTPOD - Business continuity concepts

    1. What is the relation between RTO, MBCO and MTPOD?
    2. If my customer has 10 project people working and is looking for an RTO of 3 days, with MBCO of 40% on Day 1, 80% on Day 2 and 100% on Day 3, and MTPOD is 3 days: does that mean the RTO that I can mark as achieved during any simulation drill is met if I am able to provide 4 (40% of 10) associates within 24 hours, 8 associates within 48 hours of the crisis and all 10 associates within 72 hours of the crisis?

  • BIA: longest disruption time in BIA questionnaire

    Greetings!

    The BIA questionnaire in the 22301 Document Toolkit lists disruption periods of 2 hours, 4 hours, 24 hours, 48 hours and 1 week. There are some processes that, although fundamental to the company's operation, are by their nature prone to prolonged periods of disruption. And although a one-week disruption of those has been valued as 3 (high impact) by top management, the impact still wouldn't be catastrophic.

    The question I have is: do I need to tweak the questionnaire to include longer periods of disruption, like 1 month, so that we actually define at what point the consequences are considered to become catastrophic for the company, or can we leave them be, because they are still valued as 3, so non-acceptable by nature, so it doesn't really matter whether it's 3 or 4, as the Business Continuity Strategy wouldn't change because of that?

  • Course supporting material

    ISO 27001:2013 Lead Implementer Course, Module 9 - Implementation of a management system, Introduction & suggested reading, points to https://advisera.com/14001academy/knowledgebase/deciding-which-procedures-to-document-in-the-ems/ - what is the corresponding ISMS document, and can someone update the link on the course module?

  • Annex A Policies list

    May I know, please, why the policies list inside the 08_Annex_A_Security_Controls folder is not listed under 3.2 Project Results in the Project Plan document?

  • ISO 27001 helping in implementing ISO 22301

    We have worked with ISO 27001 and we see a preference of one of our clients for ISO 22301. What can we rescue from 27001 that contemplates 22301?

  • Ways to define ISMS scope

    What are the concrete methods and ways to define a good ISMS scope, and what steps need to be taken while identifying the risks and while writing the policies themselves?