ISO 27001 & 22301 - Expert Advice Community


  • How to establish new ISMS Objectives

    Hi, I implemented an ISMS in my company 2 years ago, and all the objectives which I proposed during the implementation are already completed. I need to establish new ISMS objectives for the next 2 years at least. I have the following doubts in mind:
    1. How should I proceed in this case? Which factors will the new ISMS objectives depend upon? How can I make new objectives?
    2. What will happen to my objectives which have been completed?
    3. Do I need to keep a record of them for management review in the future?
    4. Do I need to make an implementation plan for the new objectives and how they will be achieved?
    Please advise. Thanks
  • Calculating audit days

    How can I calculate the ISO 27001 certification renewal audit days for my company? I know that it is according to the employee number. However, how can I evaluate whether the number of days is fair or not? For 21 employees, they specified 4 days. The quality system is the same, people are the same, no major change for ISO 27001...
  • Audit forms

    I am reading the audit self-study, and your video is very helpful, but I have doubts about what I should think about for the audit to be written down in forms. What do the forms look like? I really hope you can help me. What are the right tools I should use?

  • Defining KRIs for Risks

    Hi,

    I have a risk register that I am maintaining for the ISMS. There are different types of risks defined in the risk register. Now I need to define a KRI for each risk. How can I do it, as it will be a lengthy process and I have never done it before? For this practice, I need to analyze each risk in the risk register for a measurable metric, which is a difficult task. Please advise how I can do it in a simple way.

    Thanks


  • Risk assessment and asset management

    Hello, I wanted to ask you which one should be done first: risk assessment or asset management?

  • Business Continuity Management System

    Do you have any document on the competency requirements for various roles in the Business Continuity Management System with respect to ISO 22301:2012 clause 7.2? I could not find one in the attached list which you had sent me earlier.

  • Information labeling

    I'm contacting you to ask you some questions about A.8.2 Information classification.

    1. Is the classification of information based on confidentiality and integrity?
    2. What's the purpose of information labeling? Is that just for informing internal employees?
    3. Is it necessary to label all physical and electronic information?

  • ISO 27001 6.1.1 General

    Two auditors have identified a finding regarding the management of opportunities, as required by 6.1.1 General.
    Which template covers this?
    Based on the discussions with the auditors, a reference table of which Advisera template covers which standard requirement would be extremely helpful when identifying the correct document for the audit.

  • SOA Documentation

    Regarding the SOA:
    1. Do we have to prepare the documentation for each and every control mentioned in the SOA, or prepare only the mandatory documents (the ones mentioned in the attached list of documents)? ISO does not say to document each and every control.
    2. If we need to prepare only the mandatory documents, will other documents also be checked during the Stage 1 audit of ISO 27001?
    3. While preparing the SOA, can we prepare only the documents which are relevant to the organization and exclude the ones which are not relevant to the organization?
  • Backup continuous policy

    Hi, I request that you explain the backup continuous policy control more clearly, or provide document material to my mail ID.