What are the phases to develop a continuity plan, according to ISO 22301:2012?
Internal audit frequency
How frequently do we need to perform an Internal Audit?
Toolkit content
I do have a couple of questions for you regarding the documentation in the toolkit. Hopefully you could answer these questions for me.
Policy for sharing files externally
Which ISO 27001 policy document describes the controls around sharing files externally?
Mandatory policies for ISO 27001
Our clients are asking us what policies we have (as part of our ISO 27001 certification). Since the toolkit is mixing up terms, can you please list what policies are mandatory for ISO 27001? Once we have this list, we can check that we have the documents labelled correctly. For instance, take the example below: is document 11.A.16 a policy document or a procedure document?
Risk control and risk mitigation
What is the difference between risk control and risk mitigation?
Toolkit updates
Thx for your very good explanations! However, I still did not understand: Do I - after a standard revision - only get a new .doc template for e.g. the scope and have to fill it out from scratch again? Or do you provide some kind of incremental change instructions?
ISO 27001 clause 6.1.2.c.1
Could you please be so kind as to advise me on the following:
Conditions for ISO 27001 implementation
We are thinking about getting certified with ISO 27001 for our company. We do NOT have Active Directory in place right now. Can we go ahead with the certification? Or will a domain decrease our load to implement the control?
Templates content
1. Do we have to use the Measurement Report or is it enough that we mention the objectives in the Information Security Policy and mention the measuring frequency?