I had a query. Can you kindly support me? Do we need to submit CAPA for NC on opportunities for improvement?
I need some clarification about the documents 5.1 and 5.2 of the ISO 27001.
In the "Number" field exactly what should be entered? Is a sequential number enough?
Thank you in advance.
Hello, I want to know which bodies are obligated to have an ISO 27K certification?
I am currently reading through the Audit Checklist of your ISO27001 package.
I am confused by the mixing of Business Continuity and IS Tasks.
While there are many BC Questions that are irrelevant for my purposes, I am missing the entire section 8 of ISO27001.
Also when adapting the BC Tasks for IS, I later find that comparable questions are stated in later sections.
Can you perhaps provide an updated Checklist with better focus on ISO27001?
Greetings! I already bought your 27001 kit, but I do not see where it addresses the requirement of Clause 8.1
We're a fairly small organization with only a few employees and a handful of 3rd parties helping us out with sales, compliance etc.
We have used the "Statement of Acceptance of ISMS Documents". Could that be sufficient for "awareness training"? I mean that they sign this after reading all the documentation? Or we could add a few questions related to the policies that they were required to answer when submitting the statement?
Would this be sufficient? Or is it expected by the auditors that we've bought some online tool to manage this such as the awareness training you and other companies offer?
I need to reconcile what appears to be two conflicting approaches to Risk Assessment:
The toolkit's approach is as follows: Assets-Threats-Vulnerabilities. The Conformio approach is Assets-Vulnerabilities-Threats. Please explain.
Could you please give me feedback regarding these documents 10.1, 10.2, 11.2 and 12.1?
They are indicated as mandatory, but we think that they must be filled after the audit step, right?
Maybe only the document 10.1 must be filled now.
We are waiting for some news.
Another question please: in implementing an ISMS to ISO 27001 standards, should all the controls in a particular policy be implemented? E.g., A12.1.1, Controls against Malware in the implementation guidance in ISO 27002, has 12 controls. Should all 12 controls be implemented in order to meet the requirements of the standard?
I purchased the ISO 27001 Toolkit and have two questions:
1) Are the risk assessment documents in the toolkit in line with ISO 27005, e.g. we as an organization, after we are ISO Certified using the toolkit can say we adhere to ISO 27005?
2) ISO is international, it would be the same as Canada as it would for New Zealand as an example.