To carry out the continuity analysis for ISO 22301, is it also necessary to apply ISO 27001?
Tool for carrying out security vulnerability assessment
I am looking for a tool that can assist me in carrying out security vulnerability assessment. I am not looking at Security Information.
Corrective actions and corrections
I have a question about the procedure for corrective actions (paragraph 3.2 corrective actions). In sentence two in this paragraph you talk about the main differences between corrective actions and corrections. Why are you doing this? In my opinion this sentence is totally "out of the blue" and doesn't really fit in?! The DIN talks in chapter 10.1 only once about corrections (10.1; a); 1)). Is this the reason why this distinction is necessary? Besides, the name of the chapter is "3.2 corrective actions". Sentence one in this chapter totally makes sense to me but sentence two doesn't. Besides, if I look at the form for corrective actions (where the procedure is reflected), it only talks about corrective actions.
Physical controls selection
My company is new and there is no physical entry control device which can restrict anyone from coming inside during business hours. Is it okay to go for the certification audit without implementing this control, as the cost and time for implementing it are way too high? Or is an entry control mandatory for the certification audit?
Security requirements specification
I need some guidance to fill in the document 'Specification of Information System Requirements' for the current applications that we're using. Could you provide me with a description of the fields that we have to fill in (in the template)? E.g., I would not know what to fill in in the field "Version of existing information system:", as an example.
RACI chart for ISO 27001 controls
Can you help me by providing a RACI chart for all the ISO 27001 controls to map in my organisation? Basically I have a Security Team, IT Operations Team, Development Team, IT head, BoD and employees.
Documentation retention period
I'd like to know more about the retention period of a company's information security policy. Is there a standard number of years for this?
ISO 27001 implementation tips
1. Any tips on how to comply with the 27001 standard for a startup company with employees around
BIA for ISO 27001
In my company, we want to establish ISO 27001 on critical processes. Our challenge is detecting the critical business processes. We decided to do a BIA on the business processes. Can you introduce us to a BIA methodology?
Technology Risk Assessment
Can you please share a sample template for conducting a Technology Risk Assessment? Can you please share the methodology document?