ISO 27001 & 22301 - Expert Advice Community

  • Elaborating documents

    I have a question about the ISMS scope and the Information Security Policy documents. Can those 2 documents be joined into one? Because we are a small company and all departments will be included in the scope.
  • Software assessment

    We maintain an approved software list for PCs in the network and when any user requests unapproved software a risk assessment is done for it before it gets installed. What are the key things that must be looked into when doing a risk assessment for standalone software which is an open-source product or developed by a private company?
  • Non-risk-related reasons for undertaking work

    Risk management is not the only reason firms undertake work - how do we account for Continuous Improvement that has a "non-risk" source. We maintain a Security Work tool internally which we often define work in, where the work did not come from a clear and articulated risk. Any thoughts on how to handle "general input" workload like this? Do ISO auditors assume everything must be initially articulated as a risk?
  • Disaster recovery plan

    I wish to know if Advisera has a template or example that I can use to document a Disaster Recovery Plan of a service that is over Cloud Infrastructure (AWS).
  • Use of ISO 27001 standard

    Can we share the ISO 27001 standard with other companies / use it for conducting assessments if we have not purchased the standard? Would that be intellectual property infringement, or does ISO have a partner program?
  • Obtaining engagement

    How to get engagement as an independent consultant?
  • Evidences for audit

    My organization is 2 months old and I have implemented an ISMS for ISO certification and have been operating it for the past 10 days. We have documented standard procedures for incident and change management. For the certification audit, do we need to give any kind of evidence if no incident or normal change has happened yet in our organization?
  • People as asset

    Hi, who is the asset owner for people?
  • Gap analysis questionnaire

    I'm in need of a checklist that will help my software development company to prepare for ISO 27001; my logic is that if I know all the questions asked by the auditor in an external audit, I can ask myself the same questions and see if my team is ready. May I request your advice in getting the in-depth questions I need to ask the IT Team, HR Team, Finance Team, QA Team, Architecture, the Development Team, Network Team, Design Team, Cloud Support Team, Application Support Team? Is there a checklist that I can use as the basis for asking them and myself to prepare for this?
  • Control applicability

    We currently have not outsourced complete software development, but there are some applications we acquired from third parties (those applications are general-purpose, not specially developed for us), but we request some new features and customization from time to time, so they make the necessary changes for us. In this case, is the control Outsourced development applicable to us? I look forward to your advice on this.