ISO 27001 & 22301 - Expert Advice Community


  • Documented information of external origin

    Documented information of external origin refers to, for example, audit reports, pentest reports, OpenVAS vulnerability analyses, reports from the EPO console, the weekly emails about new vulnerabilities from the US CERT, etc. Does external documentation have to be coded, or is it enough to identify it as external? For example, should client contracts and annexes be given the same nomenclature as any other ISMS document?
  • 7.5.1 b) Documented information determined by the organization as necessary for the effectiveness of the ISMS

    To cover this requirement (7.5.1 b) Documented information determined by the organization as necessary for the effectiveness of the ISMS), would it be enough to make an Excel spreadsheet listing all documents, from policies to records, and associating them with the requirements of the standard and of Annex A?
  • Procedure for Document and Record Control

    I have a question about the Procedure for Document and Record Control. Specifically, section 4 (documents of external origin). What exactly is the incoming mail register? Is this physical mail or emails? Can you provide me with an example for this? Surely we are not required to track all mail coming into the building, I hope. What does it mean by "Each external document, which is necessary for the planning and operation of the ISMS"?
  • BYOD policy

    At the moment I am trying to complete the policy about BYOD. The BYOD template includes a policy about the confidentiality of information (in chapter 3.4). I couldn’t find this specific template in the toolkit we bought. Can you tell me where I can find it? Does this template mean the template about information classification?
  • Incident Management Procedure

    Why is Incident Management Procedure file (https://advisera.com/27001academy/documentation/incident-management-procedure/) not included in the "EU GDPR & ISO 27001 Integrated Documentation Toolkit" I purchased? Is there any similar procedure included?
  • Mandatory documents

    I have been looking at the list of mandatory documents to prioritize our actions. I could not find all documents in this list in the Advisera documents. To get confirmation could you please confirm or advise on the following:
  • Asset and Risk management

    1 - In the asset inventory, is it wiser to define a person or a team as the asset owner? For example: XXXXXX, two persons of the ICT team are the senior admins, but neither is the team leader. My solution would be to specify the team leader as the asset owner in the asset inventory and make a link to an external competence matrix.
  • CISO role

    I have a question: in the structure of the company, does the CISO have to be under the CEO, or is it fine to be under the COO as well? Where does ISO 27001 state where the CISO is to be placed? We are under ISO 27001 implementation and we have this debate, and I want to understand if we are OK with that. From my perspective, if the CISO has the right budget and profile in the organisation to do things according to the standards, they can be under the COO as well.
  • Integrated inventory of assets

    I have what probably is a question that would be hard to answer.
  • Risk management process

    I just need a little more information to understand the context between risk assessment, risk treatment and Annex A. (I have already watched all of Dejan’s video tutorials and read his advice on your page.)