ISO 27001 & 22301 - Expert Advice Community

  • CCPA and ISO 27001 Lead Auditor

    I have 30 years of experience in software development, project management and at executive levels, mostly in the US. I also have some recent experience in designing and implementing data privacy policies in a higher education institution in the US. If I pass the ISO 27001 Lead Auditor certification exam, will that help me in getting started as a provisional or internal auditor for CCPA requirements? I would like to set up a time with you to discuss.

  • ISO 27001 certification

    We are from the UK and found your excellent courses, then this 27001Academy, which claims we can do 27001 ourselves. However, we need to get the UKAS-accredited ISO 27001 certification, since UKAS is the IAF NAB for the UK. How does this fit in with your DIY claim?

  • Annual Program for Internal Audits

    In which document is my question: Annual Program for Internal Audits

    Question:
    I have a question about the last column of the table ("Protocol to execute the audit").
    The comment on the column refers to the "Report on the internal audit". When we talk about "Protocol" in this column, do we talk about the "Report"? Meaning, is the "Protocol" the "Report"?

  • ISMS interfaces and dependencies

    How can I show that the consideration of interfaces and dependencies is in place in a company? From the IMS manual, or where?

  • ISO 22301 and Disaster Recovery Plan

    Why does ISO 22301 not talk about aligning with a DRP process? We live in a digital world, and to recover requires a strong DRP and also a link to a crisis management center, either virtual or real. None of the standard means anything without an IT disaster recovery program and a DRP site to make it happen.

  • List of Legal Regulatory Contractual and Other Requirements

    Hi - I am ploughing through the ISO 27001 toolkit I purchased a few months ago, but I haven't yet set up the complimentary live consultation. I plan to once I have progressed a little further. In the meantime, I am really struggling with the above.
    We are a small SaaS startup. Do you have a non-confidential example document of this schedule you can send to me to get me started sketching out some example requirements from the likes of employees, shareholders and clients? Government Act compliance is pretty straightforward.

  • Internal audit report

    In which document is my question: Internal audit report

    Question:
    Is the "audit trail" (in German, the "Prüfpfad") the audit method?
    Questions about which documentation was checked, with whom interviews were conducted, and which systems were checked point to the method (in my understanding).

  • Plan for Training and Awareness

    Does it make sense to include the Confidentiality Agreement and the Declaration of Acceptance of ISMS Documents in the Plan for Training and Awareness? As an awareness action?

  • Retention period - Training and awareness plan

    Would you mind telling me what the average retention time of such a plan is? The template says: "This document must be kept for [number] of years."

  • Documents and records management

    Hi, we've achieved ISO 27001 and we are in our second year. I'm struggling with how to organize all the evidence, records and documents so I can access them quickly, especially when an external auditor comes. Any suggestions?