I would need your help: for ISO/IEC 27033-2, could you please share some documentation or template for information gathering?
Controls selection
Firstly, I have spent the past few days reviewing samples of your 27001 templates and training materials … very impressive … thank you … it's a great resource. May I ask a question? As it will influence whether XXXXXX go for a 27001 certified ISMS. XXXXXX is mandated to implement and maintain an ISMS, I have been made responsible for delivery of the ISMS project and have executive support and resourcing (people and finances). I would prefer to use 27001 for the ISMS (so we can be certified); however, XXXXXX do not wish to use any of the 27002 controls, as XXXXXX have instead invested our efforts in the CIS20 controls. I understand XXXXXX select whatever controls are relevant; however, my concern is that if I don't refer to any of the 27002 controls listed in Annex A of 27001, then XXXXXX will not be able to certify to 27001.
SOC 2 Audit Compliance
I need your help in gathering insight on how to do SOC 2 Audit Compliance in our organization.
ISO 27001 Toolkit content
1. I don't see the data classification matrix in your 27001 toolkit. Can you help with it?
Risk assessment and treatment for ISO 27001 and ISO 22301
I’m currently working on a Business Continuity and Disaster Recovery project for my company with the aim of becoming certified in ISO 22301. My colleague is an information security analyst and she’s working on an Information Security project with the aim of becoming certified in ISO 27001.
ISO 27001 Lead Auditor
I am a network security professional with around 6 years of experience. I am interested in auditing and want to move into the auditing domain, so I am planning to get the ISO 27001 Lead Auditor certificate. I need your advice: will it be good to start with ISO, or is there anything else I need to do first?
Toolkit content
1. I've been alerted of a possible missing document in the 27001 toolkit, titled "Definition of security roles and responsibilities" and deemed as mandatory. I actually didn't find it. Can you please kindly check?
Responsibilities in ISMS implementation
I work as a team lead. I want to know about my responsibilities in ISMS implementation, what documents I shall submit for the audit, and what type of questions they may ask. How do I represent the development team in the audit?
Risk owner for the use of mobile devices
As in most companies, many staff use their own mobiles to access company emails. So they are the Asset Owner, but who is the Risk Owner?
Annex A controls - flexibility in declaring the applicability
From the 'security controls' - Annex A domains A.5 till A.18 - what is my flexibility as an organization to declare what is relevant for my organization and what is not? For example, in the A.7 HR domain, can I just declare that clause 7.2.3 - Disciplinary Process is not relevant here, and hence we are not interested in applying it, so I can skip it?