My company asked me to be our internal auditor and sent me to your site for training. They're creating an ISMS and hope to have their 1st external audit in September. One of the criteria for the external audit is for the company to have had a full system internal audit completed. I have finished viewing your ISO 27001 Internal Auditor training videos and I'm currently studying before I take your certification exam. The internal auditor training indicates that the company's ISMS documents need to be reviewed prior to developing the audit plan. My CISO advises me that not all of our company's ISMS documents are ready for the full system audit, but I'm expected to deliver an audit plan based only on the SoA and scope. I'm a little confused.
Residual risk
An auditor says we should not calculate residual risk before we implement the controls. Is that right?
Legal requirements and security awareness
I bought the ISO 27001 toolkit some months ago and I'm now implementing the standard in a company called XXXX, of which I'm a partner and tech lead. We talked last week with Rhand Leal using the one-hour call included in the bundle.
ISO 27005 and ISO 27001
Our XYZ is in the process of implementing ISO 27001:2013. However, the XYZ has issued a directive saying that the information security risk management process should be done in accordance with ISO 27005:2011. So, my question is: compared to ISO 27001, what additionally do we need to implement or consider when adhering to ISO 27005:2011?
ISO 27001 and application security
Hello, good day. My question is the following: does ISO 27001 serve me for proposing a security scheme for a mobile application, or which standard would you recommend for the security scheme (mobile app)?
Certification process
Hello. I've been watching some of your videos and I have a question. After our organization has implemented the ISO 27001 policies and procedures, who will audit our company to give us the "ISO 27001" certification?
Sharing documents
Sharing completed policies with third parties? As a government agency, we are required to provide copies of policies and/or documents to third parties. Would this be in breach of your license?
Planning internal audit
Question about internal audit. Do I have to audit all clauses each year, or can I sample, as in any other corporate audit? This is an existing certified ISMS, so surveillance takes place annually.
Positive risks and opportunities
I fundamentally disagree with the phrase 'positive risks, also known as opportunities'. 'Opportunities' are NOT 'positive risks'. A risk, negative or positive, is something that you are subject to WITHOUT CHOICE; something that may happen that would have a negative or positive effect upon you. If it cannot happen, or if it cannot affect you, it is not a risk to you.
Inventory of assets
My question is about the inventory of assets. We use ConnectWise Automate to keep an inventory of all our IT equipment, so can I just write in the Inventory of Assets document that "An inventory of all our IT hardware can be found in ConnectWise Automate"?