Are needs and expectations the same or different for one interested party? If different, are the needs and expectations both requirements for the stated interested party, for example a client? Or, in the case of the client, are the needs what the organization wants from the client, and the expectations what the client has of the organization?
Do the information security policies have to be explicitly in the contract, or is it enough if they are in the employee handbook?
What does ISO 27001 say about deleting information in cloud computing?
By having my whole IT team trained on ITIL, does it benefit getting 27001 compliance?
I'm finding your tutorials very helpful! I have a question for you: I'm assuming that I need to fill out the BIA questionnaire for each activity. How do I combine all the different questionnaires? Is there somewhere on your site that shows me how to do it?
Our organization has achieved ISO 27001:2013 certification for a few years. All the while, we have conducted Full Testing for our IT DR drill.
Recently, we switched to the Table Top or Plan Walkthrough for our drill. Would this meet the ISMS certification requirements during the surveillance audit?
As far as my understanding of Annex A.17.1 of ISO 27001:2013 goes, a performed test or drill is considered to already fulfil the requirements.
1. How does one put in the risk/control of the asset?
I have read your website on implementing an ISMS for ISO 27001.
First I have classified my assets, labelled them, and checked the risk of each.
Now how will this relate to the ISO controls?
What I don't understand is that the ISO has annexes, controls and some questions (or advice).
Because... let me take an example of an annex.
Ok, let's say employees are also an asset. So taking annex 7.2.2:
"Information security awareness, education and training"
All employees of the organization and, where relevant, contractors shall receive appropriate awareness education and training and regular updates in organizational policies and procedures, as relevant for their job function.
Does this mean one just has to educate the workers and partners on policies and then he is compliant with this annex?
2. I watched one of your videos about ISO 27001, whereby the speaker gave a simple method of a risk assessment table. So what impact is that table having on the ISO requirement?
3. Assuming I have 10 assets, but 3 have a risk and 7 are okay.... which controls of ISO 27001 is this related to?
Good morning, I am bringing my company into compliance with the LGPD, but within the LGPD, ISO 27001 comes in, and I have doubts about where I should start and what information I need to collect.
I wonder about security controls in ISO 27001 A.8.3. Which one of them should also include paper as media?
A.8.3.1 Management of removable media
A.8.3.2 Disposal of media
A.8.3.3 Physical media transfer
Can you record nonconformities and corrections in the same document that you are using to capture risks? For example, we have a risk register spreadsheet which covers all requirements, and we would like to have only one document capturing all of this, if it is allowed.