I want to become ISO 27001 certified but I'm not sure which certification to specialize in. I am currently working with a company creating policies with ISO 27001:2013 requirements. Since I am gaining extraordinary experience, I would like to get your advice on which certification I should specialize in, either Lead Auditor, ISMS, etc.
Filling SoA
I am writing the SOA - where can I add risks that have come from the Risk Assessment (but there is no applicable control from the Annex)?
Information security in organizational chart
The book is useful and applicable. But in our organization we have a CRO and a CISO. Must information security risk management be in the CRO or the CISO organization? It is a big problem for us.
Implementation steps
According to the sequence of steps in the package of documents, many specific policies and other documents are included in step 08, under the title Annex A. Does this mean that all those policies are only generated after having completed stages 1 to 7?
Template content
Hi, unfortunately the templates only have empty tables. Do you have generic prefilled tables, especially for typical risks?
Asset inventory content
I have a question about column F of the asset inventory ("implication / consequences"). The toolkit comment says to transfer the data from the risk treatment directory. We don't have each asset from the asset inventory listed in the directory for risk treatment. Should column F only be filled in if it appears in the risk treatment directory?
ISO 20k risk management process for BCMS
I currently have a Risk Management Process which is written up using the ISO 20K SMS objectives. There is already a risk treatment and risk plan, with the risk methodology based on the ISO 31000:2018 standard. The question is:
System/App Retirement & Decommissioning
Hi,
What would be the most appropriate ISO 27001 control sets relevant to system/app decommissioning? I want to reference them in a procedure document.
Thanks,
Brian.
Statement of Applicability
I am trying to understand if I need to refer to all the controls of Annex A. Meaning: do I need a table of compliance that indicates which controls I used and marks the others as N/A, or a similar tool? I read the paper that you wrote and it does not refer to the above specifically. Can you please clarify?
Risk assessment approach
I'm currently working on research on the best option for a Risk-Assessment (RA) methodology and templates. I believe that a process-based RA methodology would be more easily applicable in our case (an upstream Oil & Gas company) than an asset-based methodology.