I bought the ISO 27001 bundle some months ago and now I'm implementing the standard in a company called XXXX, in which I'm a partner and tech lead. We talked last week with Rhand Leal using the one-hour call included in the bundle.
ISO 27005 and ISO 27001
Our XYZ is in the process of implementing ISO 27001:2013. However, the XYZ has issued a directive saying that the information security risk management process should be done in accordance with ISO 27005:2011. So, my question is, compared to ISO 27001, what additionally do we need to implement or consider when adhering to ISO 27005:2011?
ISO 27001 and application security
Hello, good day. My question is the following: is ISO 27001 useful for proposing a security scheme for a mobile application, or which standard would you recommend for the security scheme (mobile app)?
Certification process
Hello. I've been watching some of your videos and I have a question: after our organization has implemented the ISO 27001 policies and procedures, who will audit our company to give us the "ISO 27001" certification?
Sharing documents
Sharing completed policies with third parties? As a government agency, we are required to provide copies of policies and/or documents to third parties. Would this be in breach of your license?
Planning internal audit
Question about internal audit. Do I have to audit all clauses each year, or can I sample like in any other corporate audit? This is an existing certified ISMS, so surveillance takes place annually.
Positive risks and opportunities
I fundamentally disagree with the phrase 'positive risks, also known as opportunities'. 'Opportunities' are NOT 'positive risks'. A risk, negative or positive, is something that you are subject to WITHOUT CHOICE; something that may happen that would have a negative or positive effect upon you. If it cannot happen, or if it cannot affect you, it is not a risk to you.
Inventory of assets
My question is about the inventory of assets. We use ConnectWise Automate to keep an inventory of all our IT equipment, so can I just write in the Inventory of Assets document that “An inventory of all our IT hardware can be found in ConnectWise Automate”?
Legal requirements for ISO 22301
I have recently taken the role of a BCM Coordinator. According to ISO 22301 clause 4.2.2, an org needs to document the legal and regulatory requirements of the org. Please can you let me know what documents can be considered as evidence of this? Or what details are relevant from the legal aspect if I have to include them in the BC Strategy document itself? Any help on this, or a sample document etc., will greatly help me.
List of ISO standards users
I have followed you for some time and would like to know if you can advise me of any ISO standards register or matrix that identifies major listed or private companies (e.g. ASX100, FTSE100, ...) and the ISO standards they operate under. I am particularly interested in ASX companies so I may list them against the other standards/disciplines they subscribe to.