ISO 27001 & 22301 - Expert Advice Community


  • Template content

    1. Is there a template defined and documented for determining competence for ISMS roles?
  • Return of assets control

    I have a question about the control A.8.1.4 return of assets. The control is mentioned in the document about permissible use. Because of that I made a list with assets, their release, a returning field, the owner of the asset and a field for some extra description (the serial number for example). I started with myself. I have a MacBook and some other Apple equipment. I wrote it down. But when I wanted to send the document to other employees to complete some other rows, I realized that they will ask me if you have to note every computer (and other things) an employee is working with. Everything I
  • Use of templates

    Are we required to use the policy templates outlined in your 27001 package, or can we use a different format, such as the one attached, for example? If we use a different version, would we still be recognized under 27001 certification?
  • ISMS implementation

    Background:
  • 3.2.3. List of Authorized Persons

    The guideline for information classification talks about a list you have to make for "limited" and "confidential" documents. How does it work? Some of the documents talk at the beginning about purpose, scope and user (for example the SCOPE-document). Is this enough in that case?
  • Defining scope

    Is it important to certify all systems regarding ISO 27001, or can I select specific system/application to apply certification?
  • Lead Auditor Course

    I recently purchased your book "Becoming Resilient - The Definitive Guide to ISO 22301 Implementation" and I must say it's excellent. You were able to take the sometimes convoluted standard language and make it easy to understand, well done. I have a quick question: I will be attending the ISO 22301 Lead Auditor training course next week, which will be followed by the IRCA ISO 22301 Lead Auditor exam. Do you have any advice, tips, documentation recommendations, etc. that would help me prepare for the exam?
  • 8.1 Documented information necessary to have confidence that the processes..

    Hello, 8.1 Documented information necessary to have confidence that the processes have been carried out as planned. In this clause of the standard, which processes does it refer to? Do all of those processes have to be documented? Would they be, for example, the procedures we follow for taking the measurements of metrics and indicators, or does it refer to another type of process? Thank you very much! Regards
  • Toolkits and CSA CCM

    Do your services, sample documents, and products extend to the "Cloud Controls Matrix" (CCM) - which, along with ISO 27001, is part of a CSA Star certification? If so, where should I look? If not, do you have any suggestions?
  • Implementing ISO 27001 in the cloud

    How do I implement ISO 27001 when my organization has a strong dependency on, and operates with, cloud providers such as AWS?