ISO 27001 & 22301 - Expert Advice Community


  • Implementation alternatives

    Which do you think is better: continuing with the ongoing steps and phases of leading the company to ISO 9001:2015 certification, or starting with the steps of implementing ISO 27001, while we have a very difficult job dealing with the ISO 9001:2015 implementation?
  • Risk management frameworks

    Suppose that I have an IT risk framework that follows COBIT requirements, but my company wants to get ISO 27001:2013 certified. Do I need to write another IT risk framework that follows the ISO requirements in order to get certified?
  • Questions to top management

    I need a list of types of questions the chief executive officer (CEO), chief information security officer (CISO), chief information officer (CIO), or chief technology officer (CTO) of an organization needs to answer about the security technology you are using (or need to invest in), and how it is postured to best mitigate risk to cyberthreats.
  • Information security cloud policy

    I am working on an Information Security Cloud Policy and Procedure just now and wondered if you have any resources that relate to it?
  • Internal audit and certification

    Just a quick question: we are in the process of getting certified and are in the latter stages of the project. I want to know whether we need to perform an internal audit and corrective actions before applying for certification, or whether the procedure document is sufficient in the first stage?
  • Evidences for competence

    What evidence could an organization provide to the inspector to demonstrate conformity of internal auditors' competency on ISO 27001?
  • Incident response plan

    I'm sorry, I have an additional question about the emergency management plan. Do we need to have a plan like that in case of a significant incident, or would it be enough if we had a list of people and a clear structure for how to handle the incident? I'm guessing chapter A.16 of the ISO standard is the reason for a plan like that?! Is that right?
  • Filling in the risk assessment table

    We are working on 07.1_Appendix_1_Risk_Assessment_Table_Integrated_EN.xlsx. Under THREATS, we have a whole long list of possible ones. Do we need to repeat all the threats for each asset?
  • Annex A control owners

    Would you be able to provide suggested owners for each of the controls in Annex A? For example Head of IT, Legal, HR?
  • Defining roles and responsibilities

    We are a small company and, while we have competent people, we do not have individuals for every role (e.g., a Risk Manager to manage the SoA, etc.). Can you please explain how we can define roles and responsibilities, taking into account that we need to define skills and competencies for every role and the person appointed to each role?