As you might know, we are already ISO 17100 and ISO 9001 certified. And we will have the audit for these two ISOs on the 9th and 10th of November.
Now I want to change the documentation we had for IT security to ISO 27001 documents we got from you so that we avoid duplications and unnecessary work. For the ISO 9001 & ISO 17100 we already had the description of our workstations, servers, password management and software (Bitwarden), antivirus/firewall policies and software (Bitdefender endpoint security), etc. But now I want our IT to put everything into documents that we can use for the ISO 27001.
1. Should we start with the risks and then explain our actions and measures to reduce the risk? For example, weak passwords -> strict password policy, Bitwarden, etc. OR: Do we say what we have and what it is for?
2. In your documentation we don't find any inventories of hardware and software. Isn't that necessary?
3. Do you normally recommend creating a flowchart for the server and backup systems, or do you explain everything in an Excel?
4. Our team (12 people) is working in home office and we work with many freelancers. So we think we should limit the scope of our ISO 27001 to specific service and not to the whole company. What do you think?
What other ISOs could it be complemented with?
Dear Advisera Support Team
I have just purchased your "ISO 27001/ISO 22301 Risk Assessment Toolkit English" because I really find your concept practical according to the free downloadable materials on your website. Unfortunately, after having looked through all the contents of the package, I am not fully satisfied with the purchase, as I expected more examples related to the asset-threat-vulnerability approach as written here on this site:
Diagram of ISO 27001:2013 Risk Assessment and Treatment process (advisera.com)
Could you please help me out? What I am looking for is more examples like this, something like a collection of which ISO controls could address which threat and vulnerability types; a matching table would really help me. I would like to seek your support and advice here, especially when the assets would be infrastructure elements like a Domain Controller or a VPN gateway.
Thank you for this mail. I’m currently beginning redaction of the first documents and following your online training. As I’m very satisfied with both, I’m also studying the opportunity to take a company account on Advisera training for our employees' awareness training.
After hours of reading and watching the very complete content of your website (blog, videos…) I don’t have any questions requiring a meeting, except one you could surely answer by email: what is the best way to include “evidences” of policy implementation (screenshots, configurations… showing that a rule or control is implemented)?
Once again, thank you very much for the quality of your service.
I am an *** branch of a foreign entity doing business in ***; my foreign parent has taken ISO certification. So, being the branch of this foreign entity, do I have to apply for ISO certification again in ***?
What's the meaning of bomb attack and bomb threat? They mean logical bomb such as (DDoS, ...)
I am having some difficulty with matching the list of documents/templates purchased to those mandatory documents shown in the book Becoming Resilient. See below. I can find the Business Continuity Objectives template or Competencies of Personnel and Results of BIA. Did I get the whole set? Thanks for your help.
Is it an obligation to define roles and responsibilities for IT in a company with different areas or departments? And must those roles be included in the organizational chart?
Isn't ISO 27001 a bit oversized for medium-sized companies with a company size of approx. 270 employees, especially if you are not in system-critical industries?
So the EU GDPR & ISO 27001 Integrated Documentation Toolkit does not include Annex A for ISO 27001. Do you have a product or book or set of items that we could buy that has the required documents so we could do the “Integrated Documentation Toolkit”? Some sort of additional product add-on?