Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Approaching asset-based risk assessment for a cloud provider
How to approach asset-based risk assessment for a cloud provider like Microsoft Azure? What level of detail is recommended?
-
ISO 27001 & ISO 20000 implementation duration
In the company where I work, we are interested in implementing both ISO 27001 and ISO 20000. Our question is: In how long we could master both systems and apply for the corresponding certification?
-
A.13 Documentation Package
Does the »Anhang_6_Notfallwiederherstellungsplan_Premium» document of the ISO 27001 & ISO 22301 Premium Documentation Package includes everything I need for ISO27001 Controls A.13 (I do not want to implement a full BCM, only ISO27001)
-
Filling template
In the 270001 Consultant Toolkit, in document 02.1 appendix 1, there are some fields that ask for deadlines/periods of time.
And I have no idea what to fill in there.Can you please explain that, and give me an idea of how to handle this?
-
Asset Register - minimum value of an item to record
I am compiling our Primary School Asset Register and just want to know what is the minimum value of an item do we need to record? I have been told £20 others £50.
-
ISO 27001 implementation
We are looking to implement ISO 27001 at work to be ready if we needed to be certified in the future; I have a couple of questions about ISO 27001 toolkit.
- Do I need to be ISO 27001 certified implementer to implement it?
- Will I be able to follow the toolkit documentation to implement it, If we get your ISO 27001 toolkit?
- Do I need ISO 22301 toolkit too or ISO 27001?
-
Certification of Lead Auditor for external ISO 27001 audit
Please clarify whether an accredited external third party must use an ISO certified Lead Auditor to conduct a certification audit. I found the following statement, but it is unclear whether the Lead Auditor must have professional certification in the ISO 27001 standard. "If an individual wants to issue an ISO/IEC 27001 certificate of compliance then the audit must be done by a Lead Auditor working for an accredited certification body and done using all the rules of that certification body, which will need to adhere to ISO17021 and ISO27006."I signed a consultant agreement with a company to assist with the ISO 27001 ISMS, which has been awarded ISO certification annually for the past eight years. The external audits were performed by BSI.
The Company is considering using an accredited body other than BSI to conduct the ISO 27001 certification audit in 2020. The Statement of Work does not indicate that the audit team uses a certified Lead Auditor to complete the ISO 27001 certification audit. The auditors are Information Security Auditors certified by ISACA but they do not hold a professional certification in the ISO 27001 standard. -
Information Security Games & Quiz for Employee Awareness
To avoid the Information Security Awareness of the Employees Only through PPT,s, do you Suggest any Source for Quiz and Games for the Awareness. I think Awareness through Games and Quiz will be very useful in bringing more interest of the People towards Information Security. -
Business Impact Analysis
Apart from Risk Assessment, do we have to do the Business Impact Analysis also to be compliant with ISO 27001?
If yes, does our Document Toolkit contain the Documentation of doing the BIA?