ISO 27001 & 22301 - Expert Advice Community


  • Information security on managed offices

    I was wondering if you can help me out with a 27001 question. I have a client that is in a managed office and therefore does not own the door to their office and employees of the managed office space access their office (to deliver post, let contractors in out of hours to do work, cleaners etc). I don't believe they are allowed to put their own lock on the door so how can this satisfy A.11 or does it need to be excluded from scope?
  • ISO 22301 clause 4.4

    Please can you assist me with clause 4.4. How would I show evidence of this? Do you have an example? The auditor has asked for this with the following statement: Validate the org have identified BCMS processes and their interactions.
  • Templates for software development

    I am looking for templates/packs that would cover software development. We already have 27001, 17 and 18
  • Questions about certification

    1. Is it mandatory to implement Business Continuity Management to obtain the ISO 27001?
  • Toolkit content and SoA

    1. In section 3.6.2 (Relations with external parties) of page 6 in the attached Security Procedures for IT Department document, could you provide clarity/explain what each of the bullet points below are driving at?
  • Rules for identification, collection and preservation of evidence

    Where is my question (in which document): Rules for identification, collection and preservation of evidence (self-created);
  • Certification as a Lead Implementer and Lead Auditor

    I'm currently working as the Senior Information Security Administrator for a XXXXX that will be undergoing its first ISO 27001 annual audit (initially certified last September) next month. For this reason the Internal Auditor Course has been invaluable, especially as I and my colleagues prepare for the audit, and I plan to take the exam and obtain the certification as soon as I complete the course.
  • ISMS measurement

    I have a new job as Information Security Officer in a startup company in XXXXX. They have been preparing for ISO 27001 certification since last year. Last month, we had Audit stage 1 but with one major non-conformity and other minor ones. The major one is related to the measurement of the ISMS. Can you guide me on how to do it?
  • Incident management procedure

    In that part of the document my question is: "Management of records relating to this document"
  • Cloud Services Agreement Guidelines

    I noticed that the SOA (cloud version) mentions a doc called "Cloud Services Agreement Guidelines" a few times. I cannot find that document in any documentation kit. Is it an actual document?