ISO 27001 & 22301 - Expert Advice Community

  • Documentation toolkit content

    A question about the template package... I was reviewing the book "Seguro y Fácil" and in chapter 5.1 it talks about "Understanding the context of your organization", where it indicates that, regarding documentation, the following is mandatory:
  • Responsible for asset related activities

    Who usually does all the steps in a company (register the asset in the inventory, perform the risk assessment/classify the information, label the information)? Is it the asset owner/the one dealing with the information, or is there usually a team in a company that specifically deals with these things? Thank you for answering my question.
  • BCM implementation

    I am currently interested in business continuity management (ISO 22301) and getting myself trained for it. I have been given the responsibility to implement BCM within the company, and I also have to work out the following action points
  • Scope for a small company with outsourced infrastructure to mother company

    We are a 9-employee service company and part of a mother company. All our assets (IT hardware, network and applications) belong to our mother company. Employees are employed by the mother company or outsourced by a third party. Our company is a contract partner with the B2B customers, as we are a service provider to our mother company. We contract with the customer on services which are provided by our mother company.
  • Scope definition considering suppliers

    When an organisation defines the scope as their critical application, information and database, they were defining the exclusion from scope in the manual for development/maintenance and the cloud provider. Can they exclude these if we refer to Clause 4.3 (c)? Shouldn't they need to include them, but assess the risk and define the relevant control, such as A.15, to manage the supplier?
  • SoA availability

    I am a little surprised that it is not easy to get to see a certified company's SoA. I was taught in my course that certification is all about transparency, so that your customers can see exactly what controls and measures you have or haven't taken to maximise your information security.
  • Scope definition

    Our company has different business units in the same building. Some are at the same office room. Can we exclude these business units from the scope, or are we obligated to add them in the scope?
  • Employee training and awareness

    Hi, I'm trying to find out how much employees need to know as a minimum for 27001. I know education and awareness is part of it, but I just don't know how much is needed and what needs to be covered.
  • ISMS scope definition

    The organisation where I am currently doing my internship has purchased your document for the ISMS scope. I have a question about this document. What is the best way to define the networks and infrastructure that belong to the ISMS scope?
  • Stakeholder info to document

    Hello, currently I am at clause 4.2 of the ISO 27001 certification. I need to analyse the stakeholders for the organization where I am doing my internship. To analyse these, I made a table in Microsoft Word and used the following info to fill in per stakeholder:
    - Stakeholder type (customers, suppliers, partners, employees and supervisors)
    - Stakeholder name (per stakeholder type there are different stakeholders; e.g. employees covers sales, support, system engineers and so on)
    - Small description of the stakeholder (what are its activities related to our organisation)
    - Requirements and expectations per stakeholder (e.g. customers: protect their data)
    - Laws, regulations, contract requirements (e.g. the GDPR for the Netherlands, processing agreement with customers)
    - And last but not least: does the organisation meet these requirements?
    Is this enough information for the stakeholder analysis? Thanks in advance. Yours sincerely, Tom van Ruitenbeek