ISO 27001 & 22301 - Expert Advice Community

  • ISO 27001 and scrum

    Hi, I wonder if you can share views or references regarding ISO 27001 compliance efforts for companies adopting Agile SCRUM for software development. I'd also love to know an ISO 27001 auditor's view on that.

  • Infosec policies

    I found a simplified security policy which encapsulates a lot of the policies provided in the toolkit but at a higher level. Would something like this be appropriate for our implementation of ISO 27k and would it be appropriate for an audit?

  • Risk management manual

    The question is to develop a "risk management manual" for any organization of my choice.

  • Scope definition and certification costs

    "Greetings, I'm sending you the following questions:
    1. In the institution, we have a core business system, which interacts with other systems and is projected to link with more and more of them, so I am analyzing whether it is feasible to obtain the ISO 27001:2013 certification only for said system and the entire infrastructure, processes, resources, and assets surrounding this management information system. Is this feasible? No implementation is required for the entire organization.
    2. The certificate logo can be used on the homepage of the management system (for reasons of institutional presence).
    3. I understand that you sell the documentation package, but I would like to know the approximate cost of the audit to obtain the certification."

  • Audit stages

    Hi, I need some information, can you help me? How to audit stage 1 of ISO 27001? What is checked? Which clauses and controls are exactly checked? And what about stage 2?

  • Safe distance for redundant sites

    Good afternoon, I would like to know which standard states the recommended distance between redundancy sites, and what would this safe distance be?

  • ISMS awareness

    For clause 7.3 of the ISO 27001 standard, it is required to ensure employees are aware of the information security policy, as well as their role and consequences of not complying. Is this covered through the document template "Statement of acceptance of ISMS"?

  • Compliance verification

    How do you verify compliance with regulatory requirements? Should it be a scheduled audit or random verification of meeting criteria? Thank you for your consideration.

  • Multi location certification

    I have implemented ISO 27001 at a country level. The global company was only an interested party as a shareholder. But now that has changed and they want to manage the network at a global level.

    I don't know how to treat them as part of this certification. Could you help with some advice on how to treat them?