ISO 27001 & 22301 - Expert Advice Community


  • Holistic approach

    I'm trying to understand why all these mandatory documents would result in a holistic approach to security and confidence in how things relate to one another? I feel like there should be more... how should I look at this?
  • Developing policies and procedures

    I just started a job that is about IT policies and documentation, and I have no experience with this kind of job, so I need some advice from a person who knows these subjects as well as you do. Do you have any advice for me? Also, my company is considering getting ISO 27001. I am looking forward to an answer from you. Thank you.
  • Document lay-out

    Let me explain my question through the [policy for change management] (Section A.12). In the policy there is one related document in section 4: the change log (in electronic form). Does the formal structure of the change log have to be as defined in the [policy for information classification]? (classification level in the upper right corner… etc., etc.)
  • ISO 27001 risk management process

    I think you mean ISO 31000:2018 here, right?
  • Audit checklist content

    I need your help concerning the Internal Audit Checklist, particularly point 7.4: Does the process for communication related to information security exist, including the responsibilities and what to communicate? Could you please explain it in more detail?
  • BCPs content

    I was wondering if you have ever seriously created/developed a business continuity plan (with all appendices) for any company (of course without any company name or details). I fully understand that, in the end, every company is different. However, there are still many disasters and incidents that can occur to any company, and the responses to these incidents may also be very similar for any organisation. If you share a good example with me, it will definitely help me a lot.
  • ISO 27001 requirements and implementation

    I would like to understand the requirements of implementing ISO 27001 into the company I am working for and would like advice on the requirements of this standard, and if there are any methodologies that you can recommend to implement this.
  • Requirement for Policy for Business Continuity

    I have an additional question to the referential documents of the ISMS Policy.
  • Defining scope

    I'm planning to implement an ISMS; however, I'm stuck on the scope. Can you guide me on the creation of the ISMS scope?
  • Audit meetings

    When going through the ISO 27001 Auditor training I came across the following statement in the documentation: "complex topics like the opening and closing meetings during an audit have been left out of the training as they are not mandatory and not applicable to small & medium size businesses." My question is: what size of business does need these meetings? Is it over a certain number of employees or company turnover?