Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Sample texts in templates
I don't understand the part of "Managing records kept on the basis of this document" in document 00_Procedure_for_Document_and_Record_Control_Integrated_EN.docx -
Delayed audit report
I have post Internal audit problem with regards to incomplete and delayed reporting of internal audit carried out in April, 2017 the audit IQA-Q2 was closed out. However the report since April was never completed due to reshuffle and resignation of lead auditor and unavailability of the draft close out report. -
Documents review criteria
Could you please clarify, if we can indicate the revision of the documents (policies, procedures etc) "if necessary", or we should give the specific time frame, once a year, for example? -
Cláusula 7.4 de la ISO 22301
Pregunta: He estado trabajado con la documentación que me enviaron, sobre todo con la del BIA, pero ahora necesito abordar el tema de la comunicación cláusula 7.4 de la norma, tienen documentos para este punto, no lo he podido identificar en el pack de documentos. Respuesta: Puedes cubrir todas las cuestiones relativas a las comunicaciones con el Plan de Respuesta a Incidentes, el Plan de Continuidad de Negocio, y el Plan de Recuperación. Por tanto, básicamente no tenemos un documento específico para la cláusula 7.4 de la ISO 22031, pero puedes usar los documentos que he mencionado para cubrir con los requerimientos de esta cláusula. -
Risk assessment and BIA
How does the risk assessment correlate with the BIA? -
BCP and DRP tests
Can you please provide me the guidance on conducting BCP and Dr drill. -
Improving an information security program
I need general advice as to how to go about trying to overhaul and improve the information security program in my organization. An audit has been done in my organization recently based on ISO 27001 controls questionnaire and it looks like we are not doing to well based on the scores -
Who verifies the implementation of controls?
I have your documentation toolkit - in the document called “Checklist of Mandatory Documentation” the “Mobile device policy” is in the list of “Commonly used non-mandatory documents”. As for A.6.2.1 A policy and supporting security measures shall be adopted…. I understand that we don’t need to write such a policy as the control does not say “shall be documented” but it just feels strange to not have a policy in written form… Is it a part of the Audit (internal and external) to verify that everyone knows how to handle mobile devices? -
ISO 27001 clauses
I have a question about ISO 27001 - we said that ISO 27001 has 14 clauses, what are those clauses? because in the norm we can only see clause 4-10? Could you please list these 14 clauses for me? -
Does the toolkit include the 27002 documentation and best practices?
I was just about to purchase the ISO 27001 toolkit to get started on this important project, but after reading a couple of your blog posts, I have a question. It seems that ISO 27002 provides details on which and how to implement 27001 controls. Does the toolkit include the 27002 documentation and best practices? If not, how to I leverage the 27002 information?