I have a question about the Statement of Applicability template. It has a column called "Justification for selection/non-selection" and you have commented on it with "Based on risk assessment results, contractual and legal obligations.". Could you please give further guidance for this column? I'm not sure what I should fill in this column.
Filling Risk Treatment Table
Could you also provide guidance on what should be inserted in the Acceptance of Residual Risks columns? Especially the Vulnerability, New impact, New probability and Residual risk columns.
ISO 27001 Standard reference in controls implementation
If my organization is not planning to be certified against the ISO 27001:2013 standard on an immediate basis, but we still want to use the ISO 27001 standard document as a reference in our Information Security Policy and all other supporting policies (e.g. Password Policy, Acceptable Usage Policy, Encryption Policy, Remote Access Policy, Malware Protection Policy), can we cite the ISO 27001 document as a reference in those policy documents? If yes, do any other precautions need to be taken, apart from the organization having to buy a licensed copy of the ISO 27001:2013 document in its own name from the ISO website and actually implementing the controls mentioned in the ISO 27001 document? If no, please explain why. Your valuable inputs would be appreciated.
BIA vs AIA
Hello, good afternoon. Could you please tell me what the AIA (Application Impact Analysis) is called in the ISO 22301 standard?
Scope Definition
In terms of reducing/isolating the scope of ISO 27001 certification: if our business has a core offering with additional “add-on” offerings/services, is it possible to reduce/isolate the scope and be ISO 27001 certified for just the core offerings, or would we need to be looked at and audited for ALL company offerings as a whole? For example: one offering is to help market our client’s services and the “add-on” service is to host an LMS (Learning Management System).
Controls required for ISO 27001 certification
Currently, elements of specific requirements for 27001 are missing (Asset Management / Active Directory / User Access / Screening of staff at recruitment stage / Procurement process, which is currently being reorganised). I have advised that these elements need to be in place before we even consider ISO 27001 certification. Am I correct in saying this?
A quick question on interested parties in ISO 27001. How do employee families count as interested parties / how are they considered a stakeholder?
Firewall use requirements
We are currently using an open-source firewall in our organization. Is it mandatory to use a licensed firewall for ISO 27001? Or can the open-source firewall be used and controlled?
Risk assessment on IaaS
I have a query. I want to do a risk assessment based on ISO 27001 of one of my business processes built on IaaS (Infrastructure as a Service) from AWS. So the query is: will the risk management approach differ while working in the cloud?