May I ask to what extent a shared-risk situation should be detailed in the SoA?
Template content
I have just started working with the Risk Assessment Table template. Is it possible to change the colour range in the Risk column? I would like to have 0 = green, 1 = yellow, 2 = orange, and 3 and 4 = red. 3 and 4 are red, but there is no colour scaling on 0, 1 and 2...
I did have a look at the post in the Expert Advice Community – could you also describe how to change the colour scaling, please?
ISMS and QMS
It was advised that we need to implement a QMS, identifying and documenting all the processes, as this is the best approach. I am actually not quite comfortable with this, since it will increase the workload (and thus require additional resources).
NIST CSF, ISO 27002 and PCI
Can you tell me the differences and similarities between NIST CSF, ISO 27002 and PCI DSS?
SOA content
The company I am working for has decided to implement ISO 27001 for one division only, a division that is building an iPaaS. I have a question related to the SoA.
Distance of recovery site
Does ISO 22301 mention any specific distance in kilometres between fail-over data centres? I know that the selection of DC location/provider is a complex matter and many things have to be considered, but the people (managers) keep discussing some number X or Y all over again. If there were some concrete number in ISO 22301 (or PCI DSS or another ISO/??? market/industry-relevant authoritative document), the discussion could be over. Please advise.
BCMS presentation to top management
I would like to ask whether you have an awareness presentation customized for top management, which illustrates the importance of the BCMS for the business, in order to ease their buy-in.
Toolkit content
1 - Document: Project plan
ISMS scope
Is it possible to share a copy of a completed ISMS scope document? This would help us understand the types of items we should be thinking about. I understand it is business dependent, but an example would be useful.
Difference between guideline and measure
With great interest I'm reading your articles about ISO 27001. One thing isn't clear to me: what is the difference between a guideline and a measure?