ISO 27001 & 22301 - Expert Advice Community


  • Controls applicability

    Today I had a discussion with an auditor here in XXXX. The discussion was about which controls in Annex A are mandatory (if they are) and why. The auditor insisted (due to instructions she seemed to have) that only the following controls are mandatory (i.e. they cannot be excluded from the ISMS, as she said):
  • Recognizing certificated organizations

    I want to know, when some organizations have an ISO certificate and I walk into that organization, how can I tell that the organization has an ISO certificate? I want to know what observation items I should look for when I walk into that kind of organization.
  • Risks definition and SoA

    We bought the toolkit for our planned implementation of ISO 27001, 27017 & 27018. I've looked at the tutorials in order to fill in the correct info but have a problem defining the risks as well as the Statement of Applicability.
  • Access to suppliers SoA

    I have a question regarding suppliers: Am I entitled to have access to a suppliers SoA?
  • ISO 27031 or ISO 22301

    In disaster recovery, is it ISO 27031 or ISO 22301 that is used? What is the difference?
  • Risk assessment example for agile approaches

    Do you have an example of agile approach in risk assessment and risk tractability? Effectiveness of risk treatment system.
  • ISO 27001 and COBIT 5 relation

    How is ISO 27001 related/aligned with COBIT 5?
  • ISO 27001 implementation

    How to implement ISO 27001 from scratch step by step?
  • Control performance evaluation

    In the risk register of a company they have put 'sufficiency of controls' and concluded that there is no risk and closed all the risk issues. How to ensure that controls are sufficient, particularly when the audit time is limited? Also how to identify the most important control which will ensure 'sufficiency'?
  • ISO 27001 and NIST RMF

    Are ISO 27001's Risk Management process and NIST's RMF (Risk Management Framework) similar?