ISO 27001 & 22301 - Expert Advice Community

  • ISO 27017/27018 controls

    Following on from ISO 27017/18 docs combined with ISO 27001 - are there any controls that only relate to ISO 27017/18 and not 27001?
  • How to Monitor/Update the Risks in Risk Register?

    Hi, I have implemented an ISMS and have a risk register with all the risks (High, Medium and Low). It's been a year now that I have not updated the Risk Register, and there are also new risks to be added. My question is how should I update and add/remove risks in the register? 1) Should I update the sheet with the revision number? 2) Should I remove the risks which are already mitigated and are in the residual risk category? 3) Should I keep on adding new risks and keep all the old risks intact? My concern is that since the risk assessment is in a PDCA cycle and new risks will emerge every day, how should I maintain my risk register? Please advise. Thanks
  • ISO 27002

    Hi, what I am looking for is an extremely detailed description of each control catalog number (i.e.: A.5.1.1-1 or A.7.2.1-1 or A.10.1.1-1). So basically I am not looking for the policy but for an extremely detailed description on which the policy, as an outcome, will be based. I can send you 2 examples as I have finished with 2, but I would need all of them. Do you have any package which contains those?
  • Procedure for document and record control

    In reference to the procedure for control of documents and records, is it exclusively for documents that have to do with the ISMS, or does it apply to all of the company's documentation in general?
  • Book Secure & Simple

    How do I coordinate the ISO 27001 foundation course study with the book "Secure & Simple"? Which method do you advise for that?
  • Toolkit content

    1. Please see the attached Excel sheet and let me know if you have something like this in the toolkit or if it can be produced. 2. What goes in "Justification for"? (please see the png attachment)
  • Information classification

    1. How do we decide which categories to choose for information classification like restricted, public, confidential, internal etc?
  • Use of Mobile Device and Teleworking Policy and Clear Screen and Clear Desk Policy

    1. What I meant by restricting access in the following question, "Do we really have to restrict access in case we'd like to access the information systems in the datacenter? We do have a Mobile Device and Teleworking Policy and Clear Screen and Clear Desk Policy which is being implemented.", is the fact that the authorized employees can access the data remotely (so they do not have to be in the datacenter). If we decide to include the datacenter in the scope and no other locations (home, office, etc.), access from these other locations should be restricted. However, this is not going to make things easy for the employers and the employees, because the datacenter is 71.5 km away from the office; this would mean that they have to travel at least 143 km every day.
  • Legal requirements identification

    I am finding this one particularly difficult - we sell a B2B SaaS service in the five countries mentioned. All very standard really. I am sure all the requirements are common. You have one example: "Protection of intellectual property".
  • ISMS documentation

    At what stage in the documentation is risk assessment carried out?