My organization has a total of 30+ employees and it is a kind of virtual organization. We are registered but do not have a dedicated office location. We have hosted our environment in a cloud location managed by a CSP with proper segregation from other tenants. Our employees connect to the platform through VPN from across the globe. Our clients want us to obtain ISO 27001 certification and we as an organization also want to establish an ISMS. Given this scenario, an organization without a dedicated office location, can we go ahead with ISO 27001 implementation and certification?
Cybersecurity and ISO 9001
How is cybersecurity related to ISO 9001 2015?
Implementation of control A.18.2.2
May I ask you for some guidance on A.18.2.2?
Requirements of ISO 27001 to be implemented by the CSP
1 - I need a clarification in my ISMS scoping: My organization is obtaining hosted cloud services with proper VPC segregation. We manage the operations in terms of app development, change management and maintenance. The CSP is already certified for ISO 27001. If I need to implement ISO 27001 for my organization, I need to understand which are the requirements that I should implement and which will be covered by the CSP?
Risk assessment approaches
If you are already ISO 27001 registered, can you change from an asset-based risk assessment to a scenario-based risk assessment?
Internal audit client
We, Internal Audit, will be performing an ISMS audit based on the IT department's request. Who should we report to in terms of our findings? Is it the IT department or the AC, as per the norm?
Risk assessment participants
It is the first time that my company will apply ISO 27001, and my doubt is about who must perform the risk assessment: the IT Department, HR, the Information Security Manager, or who…
Selecting qualified ISO 27001 certification auditors
We’ve shortlisted a few ISO auditors.
ISO 27001 and Information Security manager
What does this standard define with respect to the Information Security manager?