ISO 27001 & 22301 - Expert Advice Community

  • Certification body

    We are currently looking for a compliance body that would be able to audit us in a short period of time. Can you recommend a few companies? Have you ever heard about QAS International (www.qas-international.com)? If yes, can you tell me if it is a good and reliable company?
  • Questions about risk assessment

    1. I have gone through the document and you are using an old version, while the latest for the standard is 2013, and there will also be a new update, so could you please help me understand how we will be able to align with the latest, or confirm whether there are any changes in the latest version and how you will help us in this regard by updating or otherwise?
  • Defining critical activities for BIA

    I am finalizing the list of critical activities for the BC and have a question. There is an activity that happens once a week which is CRITICAL on that Monday/Tuesday. So should I include it in the BIA, as there are lots of questions around what if the disaster happens after Tuesday... So my answer is what if it happens on Monday...? So the real question is do we include it as 1 of the critical activities?
  • Several questions about documents

    1. For what particular reason do we need to have records in electronic form and paper form? Isn't it sufficient if we just have it in electronic form?
  • Gathering information from suppliers

    In my organization, we are on the way to getting a critical application from a third-party company, and the company will share the front-end SDK. We need to manage it after taking handover; they will not share source code, and afterwards they will be engaged only if a code-level change/patch is needed or any bug needs to be fixed. I asked the company to share their Information Security related policies, like System Acquisition, Development & Maintenance, Data Security & Privacy Protection, System Vulnerability & Risk Management, and some other policies. But they have refused to share their internal policies. What should I do in this case? I need your expert guidance.
  • Developing policies and procedures

    What is the first step we have to do to create and prepare new xxx Risk governance Policy and Procedure?
  • ISO 27001 naming scheme

    I need some help to better organize the naming of files and folders according to our organization, with a view to implementing ISO 27001 in the future. Since I am going to start a new server, I would like to start off right, with naming based on the ISO 27001 standard (basically organizing departments on our new server).
  • Identifying controls for internal audit

    I have some concerns regarding my first ISO 27K Audit ISMS.
  • Several questions about toolkit documents

    1. List of special interests groups: Is it allowed to just mention the regulations that we have to be compliant with?
  • Developing documents for ISO 27001

    I want to know how to develop a statement of applicability, SOP, RA/RT for any pilot project.