I'm working on a project wherein the regulatory requirement of a financial institution needs to be documented. Create a Center of Excellence where employees facing regulators from different countries where the organization is located can look and get information. How can you help?
Surveillance audit schedule
Please let me know if there is a list of what is being audited in the audit after a year by the certification house. I mean auditing one year after ISO 27001 has been introduced. What is being done and checked or is it individually, depending on the auditor's assessment? We are a smaller company (approx. 10 employees).
List of Legal, Regulatory, Contractual and Other Requirements
I'm working with a client in implementing ISO 27001. I was trying to explain to him that they need to have a list of interested parties, legal and contractual requirements, but I was wondering if you could send me an example of such a document, i.e. partially filled out, so I can better explain this to him?
Audit evidence and management review purpose
1. Is it required to show the VA/PT results to ISO auditors?
Developing an ISO 27001 project
How can I fill out this document, examples. In the Word that I downloaded it only sends you to the page of the theory but does not say how to fill it. It is Project checklist for implementation of ISO 27001.
ISO 27001 benefits
The most difficult part I have found in the implementation of Information Security is to be able to convince the Directives that the adoption of ISO 27001 is something important for the Institution. Any ideas?
ISO 27001 consultant's questions
1. It would be very advantageous for my clients to do a self-assessment against each of the statements within ISO 27000 i.e. for the level of Importance and Rating (Current State and Future State). Could you let me know what the restrictions are regarding this or is this something offered?
Risk assessment on BCP
I'm implementing the BCP, and I'm in the risk analysis phase. The steps I used are:
Audit results
Can you answer a question for me quickly? Once stage 3 and 4 surveillance audits are completed, depending on the results what is provided to the organization from the certification body? Do they provide a report stating that they are still in compliance? Or they have nonconformities, minor or major, what are they provided with? How is the company notified of their results?
Practice for collection of evidence
I have a question about the method for incident management (paragraph 3.7 Collection of evidence). The rules for identification, collection and preservation of evidence - is there any template? (Couldn’t find one). If not would you mind sending me some information about the content of this document? We don’t know how to make the rules.