Hi, does the Statement of Applicability template contain all types of controls for all areas? I'm looking for controls on WAN traffic flow, network segregation, and the patch management process.
Use of the ISO 27001 mark
I need to find some kind of clauses you may have on the use of the ISO mark... For example: at my company we are starting a project to update our information security policies based on ISO 27001. Regarding that, we need to know whether we can put the word "ISO27001" on the cover or on the various pages of the document. Is it permitted? The question arises because the IT area has drafted a data center access policy and they have asked me whether they can put the words "ISO 27001" on it... but I need to know more about this before giving an opinion.
Inventory list
I am helping to implement the ISO 27001 standard for a company in Europe and Canada. Looking at the Inventory list, it would take many time-consuming hours entering all of the inventory this company has. Is it possible to include only the IT items, or must all the desks, chairs, etc. also be incorporated?
Certification scope
Our company offers multiple services such as hosting/implementing a Learning and Management System, a marketing service, staffing, etc. If we wanted to get certified against ISO 27001, can we get certified separately for each of those services or must the company be certified for all its services as a whole? If we can do it separately, is that a normal or advisable way to approach certification since many processes, procedures, and people are so intertwined in most of the services offered?
SoA changes
I was told by an auditor that an SoA cannot be changed during the 3-year validity period after certification has been achieved (it needs to have the same version number and date as the one used for the certification). If it is changed, then the scope (security controls) has changed and the existing certificate will not be valid.
Acceptable use policy
I have a client that requires a policy on the use of instant messaging/videoconferencing; however, these applications can pose significant risks in terms of potential privacy violations. Do you have an example of such a policy?
ISO and PCI-DSS Assessor
How do you qualify to become an ISO/PCI-DSS Assessor?
Information security organization
Who are the people, functions or areas that operate information security? We have already created an Information Security Policy, so I am in the process of creating the processes. But the question is: who within the system will operationalize the processes? Example: who will categorize security incidents, who will create and send awareness materials ... around.
Internal auditors selection
I would like to know your perspective: if you don't have an established third line of defense, can a competent risk function perform an internal audit to meet compliance with a standard like ISO 27K?
Filling toolkit templates
1. Is it mandatory to mention the "Confidentiality level" in documents, or can I remove it?