ISO 27001 & 22301 - Expert Advice Community


  • Video tutorial content

    1. The video "How to Write ISO 27001 Procedure for Corrective and Preventive Actions" talks about preventive actions. I cannot find this paragraph in the template.
    2. The video talks about compatibility with ISO 9001 and ISO 14001 - please provide the applicable clauses in the template, thanks.

  • SOA and Control Objectives

    I have a question regarding the SOA and Control Objectives.
    I was thinking that I should just include the Control Objectives and Controls from ISO27K.
    Is this OK, or do I need to rephrase the words in case there is a copyright issue?

  • Documents for ISO 27001 controls

    Does the documentation in the package cover all 114 controls of the Standard?

  • Disaster recovery plan template

    The Disaster Recovery Plan (of the toolkit) doesn't have a section talking about the reference documents. Is that intended (even though there are relevant sections in the standard (A.17.1.2 and A.17.2.1))?

  • Asset handling in risk assessment

    Thanks for the support and information you are giving us. I am now doing the risk assessment and I have a question for you. We have different asset owners, and let's say they all have laptops. Do I need to list every laptop and its associated risks, threats, and vulnerabilities, or can I just categorize them as "laptops"?

  • Developing multiple Disaster Recovery Plans

    Our company has a complex IT infrastructure and various RTOs. We therefore need separate disaster recovery plans. Are there templates for when you need to work in a more differentiated way?

  • Handling of requirements

    What should be done with the demands of the standard that have long since been overcome? You know what I am thinking.

  • Impact level in specification of security requirements

    In which document is my question: "Specification of safety requirements"
    In which area: "Impact level according to the risk assessment"

    Question:
    In our risk assessment table, we didn't list each information system; we worked with categories like "application software" or "workstations". Information systems can occur in both categories. Both categories have multiple threats, vulnerabilities, and therefore impact levels. In this case, how is it possible to determine the impact level of the individual information system in the "Specification of security requirements" based on the risk assessment table?

  • ISMS scope change

    1. If a company has been ISO27001 certified over the last couple of years and the scope is, say, Datacenter facility Mgt/Infra/Network Services, Managed Security Services, Operations Support - covering server, Helpdesk, etc. - and now, due to changes in the organization, one of the areas (MSS) has been moved to a centralized function under their regional HQ, is the existing ISO27001 certification still valid?
    2. If not, why? If yes, why?
    3. What can be done to minimize a recertification?
    4. Can a surveillance audit still proceed?

  • Roles and responsibilities for infosec management

    What I'm missing from the toolkit are the roles and responsibilities for infosec management, i.e. the A.6 organization of information security. It does not say anything about key roles and responsibilities for the ISMS, and that's what I'm after. To me, the package looks incomplete.