ISO 27001 & 22301 - Expert Advice Community


  • Defining KRI's for Risks

    Hi

    I have a risk register that I am maintaining for the ISMS. I have different types of risks which are defined in the risk register. Now I need to define a KRI for each risk. How can I do it, as it will be a lengthy process and I have never done it before? For this practice, I need to analyze each risk in the risk register for a measurable metric, which is a difficult task. Please advise how I can do it in a simple way.

    Thanks

  • Risk assessment and asset management

    Hello, I wanted to ask you which one should be done first? Risk assessment or asset management?

  • Business Continuity Management System

    Do you have any document on the competency requirements for various roles in the Business Continuity Management System with respect to ISO22301:2012 clause 7.2? I could not find one in the attached list which you had sent me earlier.

  • Information labeling

    I'm contacting you to ask you some questions in A.8.2 information classification.

    1. Is the classification of information based on confidentiality and integrity?
    2. What's the purpose of information labeling? Is that just for informing internal employees?
    3. Is it necessary to label all physical and electronic information?

  • ISO 27001 6.1.1 General

    Two auditors have identified a finding regarding the management of opportunity, as required by 6.1.1 General.
    Which template covers this?
    Based on the discussions with auditors, a reference table of which advisera template covers which norm requirement would be extremely helpful when identifying the correct document for the audit.

  • SOA Documentation

    Regarding SOA:
    1. Do we have to prepare the Documentation for each and every Control mentioned in the SOA, or prepare only the mandatory Documents (the ones mentioned in the List of Docs attached)? Since ISO does not say to document each and every Control.
    2. If we need to prepare only the mandatory Docs, then will other docs also be checked during the Stage 1 Audit of ISO 27001?
    3. While preparing the SOA, can we only prepare the Docs which are relevant to the Organization and exclude the ones which are not organization relevant?

  • Backup continuous policy

    Hi, I request that you explain the backup continuous policy control more clearly, or provide document material to my mail id.

  • 15.2.2 managing changes to supplier services

    15.2.2 managing changes to supplier services - we have a major non-conformity on this point. Can you advise on remediation in a timeline of 8 weeks?

  • Inventory management process

    If we were talking about the audit, I am currently writing a thesis on the audit of the inventory management process and I have some gray areas that I would like to clear up.

    I have to carry out an opportunity audit of the inventory management model in a company and that puzzles me as to the audit model that I have to bring, even adopt. On this I would like to benefit from the advice of an expert in the field.

  • Supplier Policy for Suppliers and Partners

    I would like to ask here regarding the Security Clauses for Suppliers and Partners.
    1. Do we need to make a Supplier Policy based on the attached Points listed in the A.15.2 Document? If yes, do we have to get it done through a Legal representative of the Company?
    2. Can you also give an overview of which Suppliers this Policy will be made for? For e.g. the Computer manufacturer providing the laptops and Accessories to the Company, or External Companies with whom the Organization is working together.
    3. Is it mandatory to have a Supplier Security Policy?