Guest
In which document is my question: "Specification of safety requirements"
In which area: "Impact level according to the risk assessment:"
Question:
In our risk assessment table, we didn't list each information system; we worked with categories like "application software" or "workstations". Information systems can occur in both categories. Both categories have multiple threats, vulnerabilities, and therefore impact levels. In this case, how is it possible to determine the impact level of the individual information system in the "Specification of security requirements" based on the risk assessment table?
1. We are starting an ISMS implementation project, and it was decided to work with internal staff. Our question is whether the "ISO 27001 & ISO 22301 Premium Documentation Toolkit" is sufficient to implement an ISMS without prior experience?
2. Are there certifications for becoming an ISO 27001 auditor? Which one would you recommend?
Hi
I am managing an ISMS, and as per the standard and as part of continual improvement I have to perform an internal audit of the ISMS. An internal audit dept is performing the internal audit. I need clarification in understanding when an auditor can raise an NCR (Minor) and when he can raise an Observation. Suppose I say that since I am certified by an external auditor and I have passed a certification audit by complying with all the mandatory requirements of ISO 27001, you cannot raise an NCR for my ISMS but can only raise an Observation.
So am I correct, or can the internal auditor still raise an NCR for me?
Please advise
Thanks
Hello, I would like advice from an expert regarding integration of ISO 13485 and ISO 27001 + GDPR. We have purchased two documentation toolkits from Advisera:
We have already completed implementation of ‘ISO 13485 & ISO 14971’ toolkit, and we got the ‘EU GDPR & ISO 27001’ toolkit only recently. The question I would like to ask is how would you recommend connecting the two management systems (ISO 13485 and ISO 27001)? Would you recommend setting up an Integrated Management System? Or perhaps would you recommend keeping both systems separately and just referencing the ISMS in the QMS?
Hello, I am an IT Manager, so I need to develop ISMS (Information Security Management System) documents that will include, but are not limited to: Risk Assessment Methodology, Risk Assessment, Statement of Application, Risk treatment plan, Implementation of controls and remedial procedures, Training and awareness, and Operating and monitoring the ISMS.
Regarding the documentation package we purchased from you, I read that advice is available via email. We have already started working with the ISO 27001 documentation, but we have many doubts regarding the list of controls in Annex A, and on that I have a couple of questions:
1. Is there specific Advisera documentation that covers the Annex A controls?
2. Is a specific document necessary for each of the 114 controls?