ISO 27001 & 22301 - Expert Advice Community


  • ISO 27001 implementation project

    I would like to understand how best to start a project to obtain ISO 27001 audit and certification for our company? Evaluating ISO 27001 vs HITRUST certification.
  • Corrective action form

    I have a question about a document we have to create in relation to the procedure for incident management and in relation to the list of incidents. I am talking about a form for corrective actions. Can you explain a bit more about that form besides the comment in the template? Which presentation form would you recommend (in the intranet, in a folder, in our own application software)? Can you send me an example of this form?
  • Control of document and records requirements

    I have another question about the procedure of directing documented information. The template talks about font size 11 for regular document text (regardless of the headings). Each content of the templates has font size 10. Do I need to change that to font size 11 (if I like to follow your template requirements)? I couldn’t find a separate description for the content which talks about font size 10.
  • Statement of Applicability content

    Hi, does the statement of applicability template contain all types of controls for all areas? I'm looking for controls on WAN Traffic Flow, Network Segregation, and the Patch Mgmt process.
  • Use of the ISO 27001 mark

    I need to obtain some kind of clauses that you may have on the use of the ISO mark... For example: in my company we are starting the project of updating the information security policies based on ISO 27001. Regarding that, we need to know whether we can put the word "ISO27001" on the cover page or on the different pages of the document. Is it permitted? The question arises because the IT area has drawn up a data center access policy and they have asked me whether they can put the words "ISO 27001" on it... but I need to know about this before giving an opinion.
  • Inventory list

    I am helping to implement the ISO 27001 standard for a company in Europe and Canada. Looking at the Inventory list, it would take many time-consuming hours inserting all of the inventory this company has. Is it possible to put in only the IT items, or must all the desks, chairs, etc. also be incorporated?
  • Certification scope

    Our company offers multiple services such as hosting/implementing a Learning and Management System, a marketing service, staffing, etc. If we wanted to get certified against ISO 27001, can we get certified separately for each of those services or must the company be certified for all its services as a whole? If we can do it separately, is that a normal or advisable way to approach certification since many processes, procedures, and people are so intertwined in most of the services offered?
  • SoA changes

    I was told by an auditor that an SoA cannot be changed during the 3-year validity period after the certification has been achieved (it needs to have the same version number and date as the one used for the certification). If this is changed, then the scope (security controls) has changed and the existing certificate will not be valid.
  • Acceptable use policy

    I have a client that requires a policy on the use of instant messaging/videoconferencing; however, these applications can pose significant risks in terms of potential privacy violations. Do you have an example of such a type of policy?
  • ISO and PCI-DSS Assessor

    How do you qualify to become an ISO/PCI-DSS Assessor?