ISO 27001 & 22301 - Expert Advice Community


  • Integrating ISO 13485 and ISO 27001 & GDPR

    Hello, I would like advice from an expert regarding the integration of ISO 13485 and ISO 27001 + GDPR. We have purchased two documentation toolkits from Advisera:

    • ISO 13485 & ISO 14971 Premium Documentation Toolkit
    • EU GDPR & ISO 27001 Integrated Documentation Toolkit

    We have already completed implementation of the ‘ISO 13485 & ISO 14971’ toolkit, and we got the ‘EU GDPR & ISO 27001’ toolkit only recently. The question I would like to ask is: how would you recommend connecting the two management systems (ISO 13485 and ISO 27001)? Would you recommend setting up an Integrated Management System? Or would you recommend keeping both systems separate and just referencing the ISMS in the QMS?

  • Development of an ISMS

    Hello, I am an IT Manager, so I need to develop ISMS (Information Security Management System) documents that will include, but are not limited to: Risk Assessment Methodology, Risk Assessment, Statement of Application, Risk Treatment Plan, Implementation of Controls and Remedial Procedures, Training and Awareness, and Operating and Monitoring the ISMS.

  • Controls from Annex A

    Regarding the documentation package that we purchased from you, I read that advice is available via email. We have already started working with the ISO 27001 documentation, but we have many doubts about the list of controls in Annex A. On that subject I have a couple of questions:

    1 - Is there specific Advisera documentation that covers the Annex A controls?

    2 - Is a specific document necessary for each of the 114 controls?

  • Risk assessment internal and external criteria and factors

    What are the internal and external criteria and factors that apply in the risk assessment?

  • Control implementation

    We have passed stage 1 of ISO 27001. One of the minor findings is that we should have secure system engineering principles, as we develop software.

    I checked your ISO 27001 documentation, and there is no Secure System Engineering policy or procedure. Could you provide some guidance on what should be written?

  • Communication plan

    I’m seeking information on a communication plan template in Advisera’s ISO 27001_22301 Toolkit.

    I read this article and now I’m trying to locate the template.

    https://advisera.com/27001academy/blog/2014/10/27/how-to-create-a-communication-plan-according-to-iso-27001/

  • Template content - information classification policy

    Control A.8.1.1 is missing from the reference documents of „Richtlinie_zur_Klassifizierung_von_Informationen_DE“. Inside the "Erklaerung_zur_Anwendbarkeit_DE", control A.8.1.1 lists „Richtlinie_zur_Klassifizierung_von_Informationen_DE“ as the implementation method. Would you mind telling me which is correct?

  • Awareness and training for secure software development

    I have a question about the appendix of the policy for safe development - the specification of safety requirements. I try to add the appendix into the risk treatment plan. What is the measure for awareness and what is the method for evaluating results? Who will have access to the document?

  • Implementation of policies

    We are now starting the implementation of ISO 27001 information security. I am at the phase of preparing control implementation of the policies. I'm facing difficulties with starting work on it.

  • ISO 27001 toolkit - which standard is it compliant with?

    What is the version of ISO 27001 that your documentation is compliant with?