I am currently in charge of establishing and implementing an ISO 27001 ISMS in my organization. Initially, the scope was for a process and facility in the US, but this has been expanded to include two facilities in Europe (France and Belgium). The company is a French company and applies the EU GDPR regulation in Europe, but it also needs to comply with US legislative requirements.
Information labeling
I have a question about the information classification policy. What is it that needs to be labeled when talking about information labeling? Is this going to be all documents within the organization, electronic and other forms, that need to be labeled according to this policy? Or is it just the documents about the ISMS? It would be tough to go through every document and label it as such.
Personal certification maintenance
I completed my certification as an ISO 27001 Lead Auditor in 2016.
Template content
1. Is there a template defined and documented for determining competence for ISMS roles?
Return of assets control
I have a question about control A.8.1.4, Return of assets. The control is mentioned in the document about permissible use. Because of that, I made a list with assets, their release, a return field, the owner of the asset, and a field for some extra description (the serial number, for example). I started with myself. I have a MacBook and some other Apple equipment. I wrote it down. But when I wanted to send the document to other employees to complete some other rows, I realized that they will ask me whether you have to note every computer (and other things) an employee is working with. Everything I
Use of templates
Are we required to use the policy templates outlined in your 27001 package, or can we use a different format, such as the one attached, for example? If we use a different version, would we still be recognized under 27001 certification?
ISMS implementation
Background:
3.2.3. List of Authorized Persons
The guideline for information classification talks about a list you have to make for "limited" and "confidential" documents. How does it work? Some of the documents talk at the beginning about purpose, scope, and users (for example, the Scope document). Is this enough in that case?
Defining scope
Is it important to certify all systems for ISO 27001, or can I select a specific system/application to which to apply the certification?
Lead Auditor Course
I recently purchased your book "Becoming Resilient - The Definitive Guide to ISO 22301 Implementation", and I must say it's excellent. You were able to take the sometimes convoluted standard language and make it easy to understand, well done. I have a quick question: I will be attending an ISO 22301 Lead Auditor training course next week, which will be followed by the IRCA ISO 22301 Lead Auditor exam. Do you have any advice, tips, documentation recommendations, etc. that would help me prepare for the exam?