ISO 27001 & 22301 - Expert Advice Community

  • Recording interested parties

    I’m currently working on listing all the interested parties in the ‘List of legal, regulatory, contractual and other requirements’ document and I wanted some more guidance on how to record the interested parties according to ISO 22301. I work for a large global company with several hundred employees, clients, suppliers, shareholders etc. In the ‘Interested Parties’ column could I just state the stakeholders as ‘employees’, ‘clients’, ‘suppliers’, ‘shareholders’, or do I need to list every individual employee, supplier and shareholder?
  • Integrated implementation

    Do you think that if a company is working towards both ISO 27001 and ISO 22301 certifications, it should keep completely separate mandatory documents, such as the scope document, if the scope is the same? Or can they be merged? I would love to know your point of view.
  • Certification coverage

    A customer asked for some documents involving ISO 27001, but the company in which I work is not certified directly. AWS, which is our cloud, is certified with ISO 27001. I wonder if, given that the cloud we use is certified, we are "automatically" certified as well?
  • Information assets classification

    1. What are the stages of information assets classification?
  • Auditor questions

    I am wondering if you can generate a list of typical questions an auditor might ask staff during an audit.
  • Policy and procedure development

    What is the first step we have to take to create and prepare a new bank risk management policy and procedure?
  • Certification requirements

    I have ISO 27001 certification. Scenario below:
  • Use of ISO 27017 and ISO 27018

    Wouldn't cloud/virtualized companies not be better suited for ISO 27017/18?
  • SoA information

    I have a question about implementing SoA.
  • Competencies for ISO 27001

    Are a CISP and other certifications a must-have for an implementer of ISO 27001?