Do I need to comply with ISO27017 and 18 in order to be compliant with ISO27001? I'm asking to know if I can skip the cloud stuff until I've implemented ISO27001.
ISO 27001 assessment
Do you have a simple checklist that can be used to do a high-level assessment for ISO 27001?
Controls from section A.11.1
Which document should cover a11, a11.1, a11.1.1 - 1.6 etc., that's all the physical parts? I can't seem to find a document where this is addressed.
ISO 27001 Annex A structure
I wanted to know if you can help me by explaining why Annex A of ISO 27001 starts at section A5.
ISO 27017, ISO 27018 and certifications
So v2013 is pretty much fully evolved. But it needs a new sentence - Ensure your cloud provider is certified to 27017 for security and 27081 for privacy?
Roles and responsibilities
Would you have a template for this: Definition of security roles and responsibilities A.7.1.2, A.13.2.4?
Segregation of duties
Hello, we have your templates we bought last year. We just went through stage 1 and they highlighted that we are missing a6.1.2 segregation of duties. I wondered which template/document that was addressed in; perhaps I removed it or simply didn't fill in that section.
Applicability of control A.14.1.3
In my company, we don't have online financial transactions and have some web applications. Is A.14.1.3 applicable?
Asset owner and risk owner
What is the difference between the asset owner and the risk owner?
Information labelling
In the Information Classification Policy under the Information Labeling section there is a statement that one should display the confidentiality level in applications and databases on the system access screen. We are having a hard time putting this into practice for, let's say, a database being accessed through a 3rd party tool like pgAdmin or other 3rd party software where we do not control the appearance.