ISO 27001 & 22301 - Expert Advice Community


  • Incident management procedure - treatment of minor events (3.3)

    In chapter 3.3 the document talks about logging of minor events. Are we able to use the list of incidents to log the minor incident (when it happens the FIRST time)? Chapter 3.5 (learning from incidents) talks about adding minor incidents to the incident list after they have happened twice. Would we be able to add minor incidents in general into that list, or just minor events which happened twice in a specific period of time? If we aren't able to fill it with both, do we have to make a separate list for chapter 3.3 "treatment of minor incidents"? A separate logging list, I mean.
  • SoA - A.6.1.3 - Incident Response Plan

    Does the documentation toolkit (with 43 documents) include a template for an incident response plan? I couldn't find it. Do we definitely need a document like that to get certified? The package we bought said it includes all of the necessary documents. If we don't use this document, which documents shall we use to fulfill control A.6.1.3?
  • Are Annex A.11 controls mandatory?

    My question is regarding the Annex 11 Physical and environmental control from the ISO 27001 standard: is there a mandatory requirement to have internal or outsourced physical security (human) in the company building? Or is this control implemented based on the company risk assessment?
  • Ensuring contractual and regulatory requirements are met

    In the ISO 27001 Foundations course, what does it mean, please, when it says you need to ensure that contractual, regulatory and legislative information requirements are met?
  • Business continuity documents for ISO 27001

    Toolkit folder 17 consists of a disaster recovery plan. Is this plan enough to represent Chapter 17 of ISO 27001?
  • Duration of the ISO 22301 review

    ISO 22301:2012 is in the Review phase and will be revised with a new version. I would like to know how much time it will take for the standard to be revised.
  • Documenting disciplinary process

    How do we have to represent control A.7.2.3? I saw it in the document "Method for incident management" (point 3.6). Do we have to make a process flow chart and put it in a blank template? There is no template in your documentation toolkit (for $797) about it, am I right?
  • Difference between ISO 27001 and locally published ISO 27001

    What differences could be observed between the Colombian technical standard NTC-ISO 27001 and the standard ISO 27001?
  • ISO 27001 phases and corresponding outputs

    I need to create a matrix showing the phases of ISO 27001 implementation, including the steps in each phase, and listing the corresponding outputs (documents, reports) per phase. Could you point me to such a matrix which I can download from your site?
  • Documenting controls from section A.14

    The auditor for 27001 asked me to complete some documents that are referred to by the SoA at
    A.14.1.2 Security Requirements Specification
    A.14.2.1 Secure development policy
    A.14.2.2 Operation Guide
    A.14.2.3 Technical Review Document
    Unfortunately, I have no idea what to write in these documents. Do you have templates to help me in this situation?