ISO 27001 & 22301 - Expert Advice Community

  • Toolkit content

    1. Attached please see the Excel sheet and let me know if you have something like this in the toolkit or if it can be produced? 2. What goes in "Justification for"? (please see the PNG attachment)
  • Information classification

    1. How do we decide which categories to choose for information classification, such as restricted, public, confidential, internal, etc.?
  • Use of Mobile Device and Teleworking Policy and Clear Screen and Clear Desk Policy

    1. What I meant by restricting access in the following question, "Do we really have to restrict access in case we'd like to access the information systems in the datacenter? We do have a Mobile Device and Teleworking Policy and Clear Screen and Clear Desk Policy which is being implemented.", is the fact that the authorized employees can access the data at a distance (so they do not have to be in the datacenter). If we decide to include the datacenter in the scope and no other locations (home, office, etc.), the access in these other locations should be restricted. However, this is not going to make things easy for the employers and the employees, because the datacenter is 71.5 km away from the office; this would mean that they have to travel at least 143 km every day.
  • Legal requirements identification

    I am finding this one particularly difficult - we sell a B2B SaaS service in the five countries mentioned. All very standard really. I am sure all the requirements are common. You have one example: “Protection of intellectual property”
  • ISMS documentation

    At what stage in the documentation is risk assessment carried out?
  • ISO 22301 documents and competencies

    1. How ISO 23001 helps in reducing the dependence on individuals through
  • Certification process

    I have a question about the certification process. Our company has 2 offices: one in London (UK) and one in Yerevan (Armenia). The Armenian company is xxx; 100% of its stock belongs to the UK company. Do we need the certification process for both companies, or only for our UK office? The aim is to have the whole company certified.
  • Several questions about documents

    1. If there are unacceptable risks associated with controls A.10.1.1 and A.10.1.2 (encryption) but we do choose to implement another control for the risk, what could we write in the 'Selection for non-justification'?
  • Certification coverage

    To what extent will the certification be issued to a corporate entity? If it is issued to corporate X, will it cover all of its entities, subsidiaries and affiliates? Or does every legal entity need its own certification?
  • Results description

    I am currently completing the project plan template and need some assistance with 3.2 - Project Results. You have some great descriptions of the key documentation we will be producing as below: