ISO 27001 & 22301 - Expert Advice Community


  • Problems with inventory of assets

    During an ISO27001 standard audit some shortcomings were observed on 8.1.1 on the inventory of assets schedule and the auditor realised that the root cause is that the auditee was drawing up and maintaining the standard from their head and not from any approved process. What clause/section of the standard requires that a procedure be developed for an effective maintenance of the standard's control processes?
  • Review of the BCP

    I am performing a review of the BCP. Do you have a standard checklist or some pointers I can use to assist me in this review process?
  • Confidentiality agreements

    In our organization we have a disagreement with the Legal Department: based on the screening of suppliers that we have carried out, we have established the requirement that they sign confidentiality agreements, and we consider that most of our suppliers have a relationship with or access to the company's information in one way or another, and there are very few from whom we have not requested this requirement, but the Legal area's position is that it should be requested exclusively from suppliers that have a direct relationship with information security.
  • ISO 27001 vs ISO 27002

    If you resew implement ISO 27002 within the entity, do I need to have the ISO 27001?
  • Risk management and the Internal audit

    If in the previous internal audit report, the risk was low after risk treatment, did the risk management plan report on the next internal audit to be taken or omitted?
  • Identification of threats

    How do you know if you have identified all the threats to an organisation? I have had to add threats to your list as I couldn’t map all the threats I could think of back to your list. Now I am wondering what other threats I may have missed.
  • Risk management in ISO 27001 Lead Auditor Course

    One question: will this course help me for threat analysis as security manager to save manpower threat to life?
  • Preventive actions

    1.- I've downloaded the templates but it seems that one of them is missing when I compare with the tutorial video of Dejan Kosutic. The video #112 Procedure Corrective and Preventive Actions shows 2 templates in 1 (Procedure Corrective and Preventive Actions), but the Toolkit which I downloaded has only the Procedure Corrective Action template. My question is: Is it missing the Procedure for Preventive Action template or did you update the templates and this template is not available anymore?
  • Segregation duties

    We have the 27001 & 22301 Premium Documentation Toolkit, and have enjoyed using your templates. I can't see any reference to A.6.1.2 Segregation of Duties. I'm told that we need a policy to cover this. Can you offer any advice on where to find a template?
  • What part takes the most time

    We know that the implementation takes months, so we're afraid we've missed some points! We were wondering what part takes the most time (scope, risk analysis, writing of policies and procedures)?