ISO 27001 & 22301 - Expert Advice Community

  • Several questions about documents

    1. For what particular reason do we need to have records in electronic form and paper form? Isn't it sufficient if we just have it in electronic form?
  • Gathering information from suppliers

    In my organization, we are on the way to getting a critical application from a third-party company. The company will share the front-end SDK, which we need to manage after taking handover; they will not share the source code, and afterwards they will be engaged only if a code-level change/patch or any bug needs to be fixed. I asked the company to share their Information Security related policies, like System Acquisition, Development & Maintenance, Data Security & Privacy Protection, System Vulnerability & Risk Management, and some other policies. But they have declined to share their internal policies. What should I do in this case? I need your expert guidance.
  • Developing policies and procedures

    What is the first step we have to take to create and prepare a new xxx Risk Governance Policy and Procedure?
  • ISO 27001 naming scheme

    I need some help to better organize the naming of files and folders according to our organization for a future implementation of ISO 27001. Since I am going to start a new server, I would like to start right with naming conventions based on the ISO 27001 standard (basically, the organization of departments on our new server).
  • Identifying controls for internal audit

    I have some concerns regarding my first ISO 27K ISMS audit.
  • Several questions about toolkit documents

    1. List of special interest groups: Is it allowed to just mention the regulations that we have to be compliant with?
  • Developing documents for ISO 27001

    I want to know how to develop the Statement of Applicability, SOPs, and RA/RT for any pilot project.
  • Roles and competencies

    1. Can the CEO become the owner of internal audit for a small organization having only 5 to 8 employees?
  • Template content

    Regarding this template: 02.1 Appendix: List of Legal, Regulatory, Contractual & Other Requirements. What does the column "Deadline" refer to? Is this like the deadline to comply with GDPR?
  • Supporting ISO 27001 certification

    We have a few clients who asked us for advice on how to become ISO 27001 certified. We are not going to operate as a certification body under ISO 17021 and ISO 27006. What will make sense for us? To be just the internal auditor? To serve as implementer auditor? We want to buy and pass the relevant exam from your website; which one should it be for us? What is the path to gain the relevant audit experience after passing the exam to serve in the right role (implementer auditor or audit lead) to support our clients?