Our ISO 27001 consultant is doing a vulnerability assessment as part of our recertification. I do not recall that a vulnerability assessment is needed. If anything, the company should have a documented process (be it vulnerability assessment, patch assessment, etc.) that should be followed. Is this going overboard?
Marketing for Lead Implementer and Lead Auditor
Which certification is more in demand in the market: ISO 27001 Lead Implementer or ISO 27001 Lead Auditor?
ISMS Policy
I have a question about the ISMS Policy - Section 4.4 Responsibilities. Which specific person / job title would you recommend for marks 7 and 8? In the video tutorial the last two marks (7 & 8) don't exist.
ISMS Budget
I am new to the CISO position and would like to ask what things I must look at in order to build the 2019 budget with regard to implementing and maintaining the ISO 27001 certification. Off the top of my head I can think of: training and awareness (I created an emergency pamphlet specific to every location of my company), IT contract and software renewals, and my travel to Europe at least 6 times a year. What else should I be looking at? The IT side will be taken care of by the IT department.
Control A.14.2.5 Secure System Engineering Principles
We’re coming up to completing our documentation but can’t find a template for A.14.2.5 Secure System Engineering Principles, which is a required document for ISO 27001. I see A.14.2.1 Secure Development Policy, which isn’t a required document. Can you please provide a template for Secure System Engineering Principles?
Developing documents
I was wondering if it's necessary to write policy documents for the ones that are not applicable to our organisation. For example, we don't allow employees to bring their own device to work; do we need to write the Bring Your Own Device policy?
Filling in ISMS policy template
Document: ISMS Policy, Section: 4.1 objective requirements and measurement
Holistic approach
I'm trying to understand why all these mandatory documents would result in a holistic approach to security and confidence in how things relate to one another. I feel like there should be more... How should I look at this?
Developing policies and procedures
I just started a job that is about IT policies and documentation, and I have no experience in this job, so I need some advice from a person who knows these subjects as well as you do. Do you have any advice for me? Also, my company is considering getting ISO 27001. I am looking forward to an answer from you. Thank you.
Document lay-out
Let's explain my question through the [policy for change management] (Section A.12). In the policy there is one related document in section 4: the change log (in electronic form). Does the formal structure of the change log have to be as defined in the [policy for information classification]? (classification level in the upper right corner, etc., etc.)