ISO 27001 & 22301 - Expert Advice Community


  • Information Security Management course for non-IT professionals

    Would you please let me know how the Information Security Management course fits non-IT professionals?
  • Scope definition

    We are a small IT services provider with 6 employees and are planning for ISO 27001 certification. I have a couple of questions regarding the scope and legislative requirements if you could help me please.
  • Gap Analysis and planning audits

    Could you please give me a few important factors that help decide the
  • Risk Assessment responsibilities

    1 - In an organization, who should perform the IT or Cybersecurity Risk Assessment?
  • Risk Assessment

    A question regarding Risk Assessment: We are implementing an ISMS from scratch and let's say we do not have any policies. My question is whether we can change the order of actions in regard to risk treatment. Let's say that I develop some policies before assessing risks (because it's obvious that I know that some policies are mandatory and I know the main principles of what should be defined in those policies). By doing that I shorten the list of risks with an unacceptable level. And after the risk assessment I will maybe only have to append some changes to those policies.
  • Templates content

    1. Regarding the Statement of Applicability: I've done some research and what I've seen is that I don't have to write policies / procedures for each risk. What I could also do is accept risks, avoid risks or share the risks with third parties (in this case insurers or suppliers). In that case I assume I'd have to say that it isn't applicable in the Statement of Applicability, but what do I write in the selection for non-justification tab?
  • ISO 27001 Toolkit content

    1. Does the ISO 27001 document package include technical specifications for the implementation of Annex A controls?
  • Management review policy

    I have just bought the full suite of ISO documents from you. There doesn't appear to be a specific policy regarding Management Review. In folder 11 I can only see the Measurement Report and Management Review minutes. Our auditor is asking for a policy. Does one exist?
  • Documents review

    There are some documents we have to / want to review annually. How should we proceed if there is no change to the document? Shall we create a new version without modification? Shall we update the latest version date?
  • ISO 27001 Lead auditor course

    I have enrolled for ISO 27001 Lead Auditor and am doing the training. After completing the course, attending the workshop and passing the exam, will I be able to call myself an ISO 27001 certified Lead Auditor, or will I still be required to do some audits before I can do that?