I have recently taken the role of a BCM Coordinator. According to the ISO 22301 clause 4.2.2, an org needs to document the legal and regulatory requirements of the org. Please can you let me know what documents can be considered as evidence of this? Or what details are relevant from the legal aspect if I have to include them in the BC Strategy document itself? Any help on this, or a sample document etc., will greatly help me please.
List of ISO standards users
I have followed you for some time and would like to know if you can advise of any ISO standards register or matrix that identifies major listed or private companies (e.g. ASX100, FTSE100..) and the ISO standards they operate under. I am particularly interested in ASX companies so I may list against other standards / disciplines they subscribe to.
Implementing asset register
I have to build a system for an auditor, using the ISO 27001 standard
Filling in the List of Requirements template
We are in the beginning stages of implementing ISO 27001. We have purchased your ISO toolkit. We are working on the 02 Identification of Requirements documentation. Please help us in understanding the following for the Appendix 1 – List of Legal, Regulatory, Contractual and Other Requirements document: How detailed do we need to get when listing our requirements? Do we need to list each requirement in the ISO (Annex A), HIPAA, or other standards and determine the responsible person for each? Or, can we just reference the standard?
27001 certification audit
Wiki as document repository
An easy one. What should we do in case we have an internal wiki (such as Confluence), where we update procedures “on the go” (i.e. backup procedure), and the mandatory 27001 docs? Should I copy/paste the procedure from the wiki into, in this case, the Operating procedures for ICT, or would it be enough with a link?
How to implement ISO in a Bank?
Risk management for email service
I found two diagrams from your provided link: Diagram_of_6_steps_in_ISO_27001_risk_management_EN and Diagram_of_ISO_27001_risk_assessment_and_treatment_process_EN. As per the “Diagram_of_ISO_27001_risk_assessment_and_treatment_process_EN”, risk assessment is done based on assets, where threats and vulnerabilities are mentioned in relation to ISMS clauses. Our observation: how can we assess the risk management of any service (for example: e-mail service) instead of an asset (laptop)? What would be the process?