The Dutch documentation set lists A.17 Rampen Opvang Plan (Disaster Recovery Plan) as mandatory. In the Statement of Applicability, I have listed that making an appropriate backup plan is applicable. We have that backup plan in a separate document. Do you still think I should have a disaster recovery plan, or is that more for the business continuity standard?
Rationalizing RPO
If I have an RTO for a system of 1 hr and the RPO as per backup data by IT is 4 hrs, how would I rationalise the RPO? I know the business would have to suggest a suitable RPO, but how can it be rationalized? Is there a particular formula to use?
Information security policy content
What should an information security policy statement of an ISMS include?
Risk management according to ISO 27001, ISO 27005 and ISO 31000
It is regarding the ISO 27001 certification. The company I work for would like to get certified against ISO 27001, so I need to write a risk assessment methodology, and it has been a while since I have done this. The question concerns the business impact analysis. According to the website, I only see a likelihood and impact assessment; I don't see CIA ratings. But I think it is because the website refers to ISO 31000 and I am using 27005. 27005 does say something about asset valuation when you identify your assets. Based on my education, I only know the method to classify CIA ratings against a process, not an individual asset. The question is more like this: if you identify the assets that support a specific business process, and the threats and vulnerabilities, and you don't use a BIA but go straight to assessing the likelihood and impact just by saying it is low, medium or high, then you are not using the ISO 27005 standard, if I am correct?
Study references
I'm preparing myself for the ISO 27001 Practitioner APMG certification. Do you have any references or books to help me achieve this objective?
ISO 27001 certification scope
I work at a large telecommunications company, and they have said that we have to get certified this year in 27001. But they have not defined the scope. Asking specialists, they tell us that processes are certified, but elsewhere I see that areas are certified, and honestly I have not found the scope of the certification. So are they certified by areas or by processes?
ISO 27001 implementation
I am tasked with the responsibility of establishing a secure-by-design road map, by developing and implementing an ISMS for the business. I am quite new to the industry and really do not have a clue on how to go about this. Would you be able to talk/walk me through a step-by-step (end-to-end) process/guide on how to achieve this humongous task set before me by the business, please?
Audit scope
We have purchased your ISO 27001 templates for each of our three companies, in regards to completing the documentation and finally going for accreditation.
Integrating ISO 27001 to business
1 - I would like to know more about the elements: document control procedures, corrective and preventive actions, and the internal audit. How specifically will I put this into the documentation of the company where I am interning? Besides the document control procedures, corrective and preventive actions and the internal audit, there are the roles and responsibilities of employees, suppliers and third parties, terms and conditions of employment, and operating procedures for information processing facilities.
ISMS implementation strategies
1 - I am thinking of assisting a friend of mine (providing consulting) in implementing ISMS.