I have been able to log into the Conformio account and upload the company logo. When I go to the files action on Conformio, is it best to work through from file 00 to 11? I only ask because in the tutorial video it shows file 00 is skipped and you go straight to 01.
Control owners
Can an organisation assign owners to the controls of Annex A of ISO 27001? For example, for human resources security, could the owner be the director of HR? The idea is that the owner will be responsible for preparing the standard and process for each control.
Incident management
In case of a significant incident, the procedure of incident management talks about an emergency management plan. Our management said it would be hard to make one plan for a lot of different cases, assets, etc. They said they would prefer having more than one plan for different things. They said they would like to look into the risk assessment and make an emergency management plan for assets with a high risk. Does that make sense?
Information Security Policy and Business Continuity Management Policy
Can you please assist with this query? We currently have a lot of confusion between the Information Security Policy prescribing a Business Continuity Management Policy and Annex A.17 Business Recovery Plan.
ISO certifications for cloud computing
Could you please guide me on what are the ISO specific certifications (similar to 27001 for ISMS) that are required for Cloud Computing (for service providers and consumers)?
Risk assessment and the ISO 27001 Lead Implementer course
I wanted to ask you about ISO 27001 risk assessment. I was thinking about doing the ISO 27001 online course as an implementer and wanted to know if this would help me to carry out risk assessments in the business?
Template content
What is the meaning of "Necessary manual controls" in the Appendix "Specification of Information System Requirements" document, and is it mandatory or not?
Risk management
I do have a question about risk management that needs your advice. At this moment, we have just finished the risk assessment process. Let's say we identified and assessed around 300 risks; 10 of them are high risks, 50 of them are medium risks, and the rest are low risks. For risk treatment process...
Filling the Statement of Applicability template
I have an inquiry regarding the Statement of Applicability document, section 3, Applicability of controls: why do we have to fill in the control objectives column, and is it mandatory? If it is mandatory, would you please provide supporting material or an example, as the reference article in the attached form is not helpful.
Risk management approach
Your book is very useful to me, as it could guide me on how to start doing risk management. But I wonder, is it OK if I write a new risk framework and methodology to implement in my company by combining both ISO and COBIT 5? Or can I use only one of the two?