ISO 27001 & 22301 - Expert Advice Community


  • Information security cloud policy

    I am working on an Information Security Cloud Policy and Procedure just now and wondered if you have any resources that relate?
  • Internal audit and certification

    Just a quick question: we are in the process of getting certified and are in the latter stages of the project. I want to know, do we need to perform an internal audit and corrective actions before applying for certification, or is the procedure document sufficient in the first stage?
  • Evidences for competence

    What is the evidence that an organization could provide to the inspector so that it demonstrates conformity of internal auditors' competency on ISO 27001?
  • Incident response plan

    I’m sorry, I have an additional question about the emergency management plan. Do we need to have a plan like that in case of a significant incident, or would it be enough if we had a list of people and a clear structure for how to handle the incident? I’m guessing chapter A.16 of the ISO standard is the reason for a plan like that?! Is that right?
  • Filling in the risk assessment table

    We are working on 07.1_Appendix_1_Risk_Assessment_Table_Integrated_EN.xlsx. Under the threats, we have a whole long list of possible ones. Do we need to repeat all the threats for each asset?
  • Annex A control owners

    Would you be able to provide suggested owners for each of the controls in Annex A? For example Head of IT, Legal, HR?
  • Defining roles and responsibilities

    We are a small company and while we have competent people, we do not have individuals for every role e.g. Risk Manager to manage the SOA etc. Can you please explain how we can define roles and responsibilities, taking into account we need to define skills and competencies for every role and the person appointed for each role?
  • Using templates on Conformio

    I have been able to log into the Conformio account and upload the company logo. When I go to the files action on Conformio, is it best to work through from file 00 to 11? I only ask because in the tutorial video it shows file 00 is skipped and you go straight to 01.
  • Control owners

    Can an organisation assign owners to the controls of Annex A of ISO 27001? For example, for human resources security, could the owner be the director of HR? The idea is that the owner will be responsible for preparing the standard and process for each control.
  • Incident management

    In case of a significant incident, the procedure of incident management talks about an emergency management plan. Our management said it would be hard to make one plan for a lot of different cases / assets etc. They said they would prefer having more than one plan for different things. They said they would like to look into the risk assessment and make an emergency management plan for assets with a high risk. Does that make sense?