ISO 27001 & 22301 - Expert Advice Community


  • Audit stages

    Hi, I need some information, can you help me? How do you audit stage 1 of ISO 27001? What is checked? Which clauses and controls exactly are checked? And what about stage 2?

  • Safe distance for redundant sites

    Good afternoon, I would like to know which standard specifies the recommended distance between redundancy sites, and what that safety distance would be?

  • ISMS awareness

    For clause 7.3 of the ISO 27001 standard, it is required to ensure employees are aware of the information security policy, as well as their role and consequences of not complying. Is this covered through the document template "Statement of acceptance of ISMS"?

  • Compliance verification

    How do you verify compliance with regulatory requirements? Should it be a scheduled audit or a random verification that the criteria are met? Thank you for your consideration.

  • Multi location certification

    I have implemented ISO 27001 at a country level. The global company was only an interested party as a shareholder. But now that has changed and they want to manage the network at a global level.

    I don't know how to treat them as part of this certification. Could you help with some advice on how to treat them?

  • Risk assessment and treatment report

    I have a clarification question regarding the risk assessment and treatment report. When is this report created in the process of the ISO 27001 project? Before or after implementation of the necessary controls?

    In the draft document it states that «The risk treatment was done from XX to XX.» Does this imply that the controls are in place, or does it mean that the treatment plan etc. was created, but the controls do not have to be in place when writing the report?

    Also, it says in the draft document (Heading 3.5) that «after implementation of the controls the residual risks are re-evaluated». This implies that the report is done after the controls have been implemented, as the process being reported on would include the residual risk evaluation after the implementation of the controls.

  • Integrated implementation

    How can this standard be useful for implementing other standards like ISO 27001, ISO 9001, AS 9100, etc.?

  • Toolkit choice

    1. Which package should we buy, if only one of our clients is asking us to be certified in ISO 27000, because they have access to an IBM SaaS that we sold them?
    2. Once purchased, how long, based on your experience, would it take us to obtain the certification for this purpose?