ISO 27001 & 22301 - Expert Advice Community


  • External documents

    We are implementing an ISMS helped by your ISO27001 documentation. In the first document (00_Verfahren_zur_Lenkung_von_Dokumenten), a post entry registry for external documents is asked for. Could you please give me examples of the kinds of documents that would have to be registered there?

  • Route to implement an ISMS

    Good afternoon. I would like to know the best route to implement an ISMS in a company in the advertising business in XYZ.

  • Toolkit content

    There are three documents included in the pack:

    • RA and TM Cloud
    • RA and TM Premium
    • RA and TM Integrated.

    Can you please tell me the difference between these documents?

  • Surveillance audits

    1. Does the external auditor have to do complete surveillance for all controls in the SOA the same as the first year of certification?
    2. How long does it take to complete the surveillance audit with regard to the initial certification audit duration?

  • ISO 27001 implementation

    1. An educated guess for the duration and cost of the certification for our budget planning.
    2. Recommended roadmap in terms of your services/products offered.

  • Incident response plan

    I would like to get the steps for incident response: the general steps that our incident response team should follow (a PLAN).

  • Template content

    Is it necessary to maintain the below-mentioned column in the Advisera templates? It means we can attach here any relevant documentation relating to this template, e.g. Disposal_and_Destruction of Devices. If we do not maintain any such document on hardware scrapping, then do we have to maintain that document and mention it here?

    Would it be advisable to delete this column if we do not have any supporting document for the particular topic?

    Here, as in this template in point 4, it is mentioned as "Managing records kept on the basis of this document".
    It means we can attach here any relevant documentation relating to this template, e.g. Disposal_and_Destruction of devices. If we do not maintain any such document on hardware scrapping, then do we have to maintain that document and mention it here?

    Would it be advisable to delete this column if we do not have any supporting document for the particular topic? Or is it mandatory to maintain this column for the documentation?

  • Performing risk assessment and risk treatment

    I'm interested in the necessary steps regarding risk assessment (and what follows it) that should be taken when an existing asset is removed from the company. E.g., it was decided that a power generator is no longer needed, and possible power failures will be covered by a UPS.

  • ISO 27001 - what to do after certification

    1. Just a quick question. After you go through all the steps in ISO27001, and after you get the recertification, do you need to redo a risk assessment every year? Or do you just follow up on the risks?
    2. And risk-wise, do you do a threat modeling/profiling to better capture risks or what would you recommend?
    3. And finally, what would you recommend to do yearly (and plan yearly) so that the certificate is kept in good health? Thank you very much in advance, any help is indeed greatly appreciated.

  • Documents implementation

    1. As part of the ISMS implementation, do we have to make all the Advisera templates be read and understood by all the colleagues in the organization after filling in the templates, or only the Information Security Policy document?
    2. In every document, it is mentioned as “Users of this document are [job title].” So here should we mention the concerned approver or the person, e.g. the CISO, or all the users in the department?