Kindly assist me with the audit program for ISO 22301 as well as test plans.
SOA preparation
When am I supposed to prepare the SOA? I am performing the RA now. Please advise
Language of the ISMS documentation
The documents should be created in the language of the country of origin, and if distribution goes beyond that country they should be written in the official international language, English.
Application of control A.18.1.1
I am having some trouble with A.18.1.1. Do I need to explicitly identify every applicable requirement of every law and standard that applies to our company, such as all accounting and human resource requirements (Federal, State and local), or should it be oriented towards the services that we provide?
Organizational unit responsible for ISO standards
When a new department is formed to establish and ensure certifications for ISO 27001, ISO 22301 and ISO 20000, what should that department be called? Scenario: this new department does not include any Subject Matter Expert in any of these areas (ISMS, BCMS, ITSM), as these experts will sit in other departments more specific to their expertise, for example the Application Development Department, the Infrastructure & Security Department, etc. This means the new department will only be staffed by a few personnel who will lead the implementation of ISO 27001, ISO 22301 and ISO 20000, taking the role of facilitators to the SMEs in ensuring compliance with the standards. An Audit Team will also be part of this department. So may I have your suggestion on the best name for this new department? Are these names applicable/suitable? Suggestions: 1) ISO Compliance Department 2) Quality Management Department
Risk assessment
My question regarding risk assessment is how to work with the table tools for it.
ISO 27001 standard
Compulsory reading is the ISO 27001 text. Where can I find this? It does not seem to be in the set of documents we received from you.
ISO 27001 Mandatory documentation
I have a question for you with regards to Document Control for ISO 27001. The Checklist of Mandatory Documentation Required by ISO 27001:2013 lists the Procedure for Document Control as a Commonly Used Non-Mandatory Document; however, when I read the Document Management in ISO 27001 blog post dated March 20, 2010, it states that you won't get certified if you do not have a Procedure for Managing Documents. These two information sources appear to be in conflict to me. Could you provide me with some details, please?
One document or several
I am implementing the ISMS in my organization and would like to know whether I can have the scope, policies, objectives, roles and responsibilities all in a single document rather than each one in a separate document.