I want to ask whether it is safe to handle information in the cloud through a third party. Which service do you recommend?
Division of tasks
I am currently the only individual responsible for information security management, quality management, business continuity management and GDPR in an organisation with circa 4-500 employees across UK and international offices.
Shared resources
In our office we have one risk that I am not really sure what we can do to mitigate. It is as follows:
ISO 27001 implementation project
I want you to advise me on how I can prepare for an ISO 27001 project and especially how to tackle the gap assessment phase.
Applicability of controls
I have a question: I marked the whole section A.16 Information Security Incident Management as not applicable. You have made no comment on that. My question is this: Is that even allowed? Can it make any sense to not have an Incident Management system, when you strive to work in accordance with the PDCA cycle?
ISO 27005 Annexes
I am working on the development of an InfoSec risk management framework. Can you please guide if we can use Annexes B, C and D (of ISO 27005:2011) in our own framework? Is there any compliance issue?
ISMS audit
I have an ISMS audit. Please guide me on how to proceed with documents and all processes.
ISO 22301 implementation
1 - We finished our ISO/IEC 27001:2013 audits and are waiting for our certificates. We are wondering how much effort compared to ISO/IEC 27001:2013 (we got your ISO 22301:2012 documentation) is required to implement ISO 22301 when an ISMS is already implemented.
I am looking at our suppliers and considering each one in terms of risk. I am aiming to define the level of risk as low, medium or high for each supplier.