ISO 27001 & 22301 - Expert Advice Community


  • Risks and opportunities

    In the organization in which we work, we have implemented and certified the Information Security System according to ISO 27001:2013, as well as Quality in accordance with ISO 9001:2015. It turns out that one of the observations generated in the audits is that we must implement, justify and better evidence the Opportunities in what corresponds to requirement 6.1.1 Actions to address risks and opportunities.
  • Various questions regarding toolkit

    1. Let us say that the laptops and/or servers (or let us say in general asset types) have the same purpose, would we have to multiply each risk by 3 just because there are different Asset Owners?
  • 27001 training

    I'm interested in getting my ISO 27k1 training and cert. However, there is a huge discrepancy between training vendors. I'm new in Switzerland (originally from Canada), and find it extremely expensive here compared to similar programs in the EU. Also, the courses seem to differ slightly. Some offer an intro for 900€-1200€ and others are 2000€+ for what seems to be the same. In Switzerland it's 3500 CHF+ just for the intro. Are there preferred study methods and certification routes?
  • Handling residual risks

    What are the ways to control the residual risks?
  • Template content - Policy for mobile devices and teleworking

    I have another question about the policy for mobile devices and teleworking. Here exactly is my question: Area Teleworking, Comment: "In smaller companies this doesn't need to be documented. It should be sufficient to identify existing rules." What does "identifying of existing rules" mean? Does it mean creating another document (in addition to the policy) which describes the teleworking rules that the company defines?
  • Template content - Teleworking

    I have another question about the policy for mobile devices and telework. My question is about telework.
  • Records and documents

    I have a general question about the templates. The templates have a paragraph dealing with the "management of records relating to this document". In this section you write down all the records for this document.
  • Templates content

    1. In some cases the controls are very similar and I could see that they are applicable to the same risk, e.g. controls A.15.1.1 and A.15.1.2. Let us say that we only choose to apply one of them in order not to make it look as if we have a lot of risks (and besides that, the control is not applicable to any other risk). Would there be a way we could justify this in the Statement of Applicability?
  • ISO 27001 implementation

    I am a Project Manager handling all the security projects for my organisation, wherein we are currently implementing ISO 27001. I have gone through most of your resources put up on ISO 27001 and those were quite helpful. Thanks for all those free resources which are easily available for us to refer to and get ourselves educated on this standard. Still, I would need a little bit of guidance in implementing ISO 27001 for a small to medium-sized company; if you could provide your valuable inputs on how to get this implemented, it would be great.