Guest
How would you describe the differences and overlaps between the jobs of a Compliance officer, DPO, CISO?
When identifying assets, can I lump them together or is it each one individually that needs a Risk Assessment completed?
E.g. 10 servers are identified as critical assets. Can I do a Risk Assessment on "Servers", or do I need to list CLIENTSVR01 in the risk register?
Since we have to list all the Legal, Regulatory, Contractual and Other Requirements in the attached form, do we have to list all the regulations and laws listed under the particular country (see link below)? For example, in the case of Germany, while listing the requirements, do we have to list all the requirements listed under Germany in the attached document?
I have been appointed to help the company get ISO and eIDAS certification. I have to start from scratch as I know NOTHING about security or compliance… So this newborn Compliance Officer hopes she can turn to you to help her – I am very nervous about the whole thing. I purchased the toolkit and I am currently working on WIP00_Procedure_for_Document_and_Record_Control_Integrated_EN
The questions I have:
1. “Mail significant for the planning and operation of the ISMS/compliance with GDPR” should be recorded. This can be an Excel file on our SharePoint or an actual paper/pen notebook at the office, I assume. What would, in reality, be such mail? I can think of, e.g., someone who would send a letter exercising his “right to be forgotten”.
I will have to explain to the others in the company which mail they will have to register and what will not be considered as “mail significant for the planning and operation of the ISMS/compliance with GDPR”, but I don’t really know the answer to that myself yet…
2. I want to make a list per function/role in the company of all the responsibilities and tasks as described through the policies and procedures. Is there already a template for this? I don’t find it in the kit.
3. Also, is there a list of all ISMS-related types of roles? Such as CISO, Senior Management, Compliance Officer, DPO…?
I'm on a tight deadline to write a Disaster Recovery policy that is compliant with ISO/IEC, HIPAA, NIST, and SOC 2, maybe some others.
1. Do you have any suggestions for me?
2. What other ISO standard is associated with the ISO/IEC 27001 and 27002?
Can you share with me what the difference is between ISO 27001 and NESA?
Good morning, as you already know, I bought the document package for 27001 and 22301.
Since October, the 22301:2019 version has been available. Could you please confirm whether you plan to update the documents that have changed, or whether, on the contrary, it will stay at the version I purchased?
A.9.1.1 Access control policy control