We are getting closer to performing a Risk Assessment, my question to you is what is the best practice to calculate the level of risk. Should likelihood and consequence be added or multiplied?
ISMS implementation
1 - I wan to implement isms can you give an example of implementation of isms?
Disaster recovery and ISO standards
For Geographical Disaster Recovery What ISOs i need? and I would like having an example step by step for from RPO/RTO to success Disaster Recovery Plan to show what is the benefit for implementations ISOs for the company.
ISMS gap analysis
Can you share to me a questionnaire tool/file that helps us to examine the current status of ISMS and track the controls, which one is applied and which one is not?
List of requirements template
I find that the List of List of Legal, Regulatory, Contractual and Other Requirements is a mandatory document. I don't know how to fill this in. When it says "requirement" what is it asking for? Same for "document stipulating the req". Is there a tutorial for this one or a webinar? In what situation would this document be found applicable?
Cryptography and ISMS
I want ask you how can blockchain controlled by ISMS ?
Actually my company investing in blockchain technology, and i'm trying to know how can i cover that in my organization ISMS
iso27001 and iso20000
One of the topic I have seen in your website, the one related to integrated management system iso27001 and iso2000. I am wondering if this would work in reality, since IT and info sec would fall in different organization unit?
Internal Audit - Technical Knowledge
The Internal Auditor must have a high level of technical knowledge to audit the company respecting ISO 27001? what is the minimum knowledge needed...
Audit Plan
The Audit Plan is a document written per policy or department that will be audited or it is an overall document?
Internal Audit - Lack of Documentation
There is a Lack of Documentation in the company where I work, but they want that the audit team start with the internal audit, is this possible to do? or what can the audit team do while the documentation is not ready?