I need your help in linking the document "6_Statement_of_Applicability_Cloud". I need to complete section 3.1
List of Legal, Regulatory, Contractual and Other Requirements
List of Legal, Regulatory, Contractual and Other Requirements: Can we write this in the requirement tab for 'Intellectual property rights'? Users must not make unauthorized copies of software owned by the organization, except in cases permitted by law, by the owner or by the CTO. Users must not copy software or other original materials from other sources, and are liable for all consequences that could arise under intellectual property law.
ISO documents for IT
Our company has ISO 9001:2015; however, as the IT Department, we are constantly audited beyond the scope of ISO 9001. For that reason, I think that the ISO 27001 documents are the ones we need to cover everything and anticipate future audits. My requirement for reports is to know whether a procedure exists for report demands from IT and the restrictions that follow these procedures.
Implementation of ISO 27001
Are there any articles that will help me understand how 27001 is implemented in an organization?
"Shall be documented" phrase
I have a question for you: for 22301 you issued a statement that suggested there are mandatory and non-mandatory controls. With the "shalls", how does this work?
ISO 27001 clauses
I am currently taking the ISO 27001 Foundations class. The course is great. However, what I need help with is the clauses. For example, Clause 4.3, determining the scope. Where can I get a copy that lists all the clauses in detail? Is there a compliance document listing all clauses in detail, like, for example, a CJIS policy?
Confidentiality levels
Are the following confidentiality levels adequate, or would you recommend a different confidentiality level?
Applicability of ISO procedures
If I have already written the ISO policies and procedures, how do I measure their applicability in practice? I mean, to what extent have people in the company applied them in practice?
ISO 27017/27018 controls
Following on from the ISO 27017/18 docs combined with ISO 27001: are there any controls that only relate to ISO 27017/18 and not to 27001?
How to Monitor/Update the Risks in Risk Register?
Hi,
I have implemented an ISMS and have a risk register with all the risks (High, Medium and Low). It has been a year now that I have not updated the Risk Register, and there are also new risks to be added.
My question is: how should I update and add/remove risks in the register?
1) Should I update the sheet with the revision number?
2) Should I remove the risks which are already mitigated and are in the residual risk category?
3) Should I keep on adding new risks and keep all the old risks intact?
My concern is that since the risk assessment is in a PDCA cycle and new risks will emerge every day, how should I maintain my risk register?
Please advise
Thanks