Do you have a personal opinion on the GC Mark (Global Conformity Mark) as an interim step before pursuing ISO 22301 certification? We have a Business Continuity program, but it is not 100% rolled out, so we are not comfortable with ISO certification yet.
Procedure for document and record control
1- When creating the risk assessment, do we consider all the existing 'controls' that are in place? For example, we already have a password security policy and two-factor authentication enabled by default, therefore our risk of someone accessing our email, for example, who doesn't have permission is low (no one is going to be able to guess our passwords). In this case, do we need to identify them, as it appears to be required in the Statement of Applicability?
Toolkit structure
About to start the journey but the GDPR documentation is integrated into the ISO Kit, is there a quicker way of separating them from the toolkit? Or do I have to go through the toolkit and pick out each document that belongs to GDPR one by one?
Risk assessment examples
Can you please guide me on process-based risks? I mean some examples of that. I need to do a risk assessment of an account.
Investments on ISO 27001
I am working on a business plan that involves a number of factors; the most important one for the 27001 topic is that it concerns the acquisition of a small software development company.
Inventory of assets
Is the inventory of assets related only to information-related assets, or are furniture and other fixed assets included too?
Controls in third party facility
We have implemented 27001 in our organisation's head office. We own the premises and so can control the environment and all the information security requirements where the premises are concerned. We are now implementing 27001 in a secondary office. Here we use around 10 public buildings; these are free of charge, we have no contract in place, and they are not a supplier. How can we implement the controls when it is out of our hands? For example, we have no control over the perimeter or their utilities, we have no control over who comes into the building, etc. Mainly those areas in A.11? How do we comply with 27001 in this case?
Risk treatment plan
I have finished doing your e-learning course on the 27001 Internal Auditor and am still not sure whether you need to include the treatment of all risks in the Risk Treatment Plan, or just those for the risks that you have evaluated as unacceptable. Can you help?
Requirement for vulnerability scanning
I want to verify which part of ISO compliance requires a company to do third-party scanning for vulnerability assessment and penetration testing...
Standard for BCM
1- Is there another standard for BCM, or is this THE standard to follow?