Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Audit
We got the certificate on October 2022. I want to do an internal audit before external audit on August. How can I start with the audit and how to perform it . Thanks
-
Aruba Products
Hi, somedoy has information about the Multiple Vulnerabilities in Aruba Products?
-
ISO 27001 query
1. Can I seek your advise on the how much is the RTO usually set for a company offering SaaS based solutions? Does the ISO 22301 define any times? I understand that it depends on various org-specific factors, but want to get a idea on industry best practices.
2. We also had the below queries relating to BYOD, in case we want to implement a BYOD policy:
Should the organisation ensure an anti-malware / anti-virus solution has been installed on all personal devices?
3. What are the minimum device management controls that the org should have control over?
I understand that these are not specifically defined in the ISO 27001 standard, and therefore need your advise on what controls are considered bare minimum, and as per industry best practices, to help us pass the certification.
-
Secure coding
Isn’t there a layer 2 as procedures and principles ?
1.1. Secure coding
[Job title] will issue procedures for secure coding of information system, both for the development of new systems and for the maintenance of the existing systems, as well as set the minimum secure coding practices that must be complied with.The same secure coding principles will be applied to outsourced development, and defined through the contracts as defined in [Supplier Security Policy].
-
Information Security Plan
<I need guidance on the preparation of the Information Security Plan. It would basically be what is an Information Security Plan and what is its structure. -
How to make company auditor?
How to make my company as authorized certifier to do auditing?
-
ISO 27001:2022 mandatory documents and records
I have bought your toolkit in the past and am preparing a ISO27001 2022 implementation and certification.
I want to get a clear picture of which documents and records are mandatory.
1 - I have read your webpage article on: https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-revision
and the content of “List_of_documents_ISO_27001_2022_Documentation_Toolkit_EN.pdf”. If I understand it correctly they both relate to ISO 27001 2022. Correct?2 - Can you explain to me why i.e information classification policy, confidentiality statement, training and awareness are mentioned as mandatory in the PDF file and is NOT listed as mandatory on the webpage?
-
Clarification about controls of ISO 27001:2022
IRCA circulars and publications refer to controls of this standard with prefix “A.”;e.g. A.5.34, A.7.1 etc. This was the practice in ISO 27001:2013 also.
The 2022 release of the standard itself refers to them without such prefix. I would like to refer them with the prefix as otherwise controls like 7.1, 8.2. 5.3 etc may be confused with corresponding clauses.
Is there any other logic in favour of referring the controls with prefix “A.”? While browsing the internet we see that both styles are being followed.
-
Questions about toolkit templates
1. In document 04-Information Security Policy, the item "4.4 Business Continuity" of the document index does not appear in the body of the document, please indicate if we remove this point from the index or you send the text of the missing part?
2. For the appointment of the security officer and security committee, do you have a standard document that allows us to carry out the board of directors minutes for the appointment, and the appointment of the role or position to the corresponding person or if this is going to be a external entity that provides the consulting service?