ISO 27001 & 22301 - Expert Advice Community


  • Inventory of assets

    I need assistance coming up with what could be company-wide assets and risks. I have laptops, desktops, paper documentation, electronic documentation, fax/printer, off-site/external/outsourced services and the process for deactivating their accounts once terminated, and USB devices and memory sticks. These would be company-wide assets that would apply to the company as a whole. Physical security and building management will be worked on by the building manager. For company-wide assets, I cannot think of any more company assets that will need some sort of control that will be relevant for every employee. This would also exclude anything IT related such as software, cables, servers, etc. What do you think could be more company-wide assets that need to be added?
  • Who must perform the Risk Assessment within the Company?

    This is the first time that my company will apply ISO 27001, and my doubt is about who must perform the risk assessment: the IT Department, HR (RRHH), the Information Security Manager, or who...
  • ISO 27k project sponsor

    We are implementing ISO 27k by the end of 2017. However, my question is, although the standard does not clearly indicate it: who should an internal ISO lead implementer officially report to when managing an ISO 27k related project in an environment where an information security manager exists?
  • Asset inventory content

    For the inventory of assets, do I state specifically what information I have on my computer, what information I have in paper documents in my cabinets, every software/application I have installed on my computer, and all company hardware assets I have? For every employee to name every document they have electronically and in paper form could take a very long time. Is this the case? What specific assets/information do I need to include in the inventory of assets?
  • ISO 27001 implementation process

    I'm working to implement an ISMS based on ISO 27001 in my company. What will be the first step in this project?
  • Log monitoring tools

    In the mandatory ISO 27001 documents published on your site, you say it is required to have the following below:
  • Definition of security roles and responsibilities

    OK, so there is a mandatory document (if applicable) called the definition of security roles and responsibilities (clauses A.7.1.2 and A.13.2.4). However, I cannot find it in the toolkit. Is it under a different name? Because I just looked through the documents in Conformio and didn't see it.
  • SoA update

    Can we update the SoA document once it has already been shared with the auditors?
  • Examples for the risk assessment and risk treatment

    Do you have some examples for the risk assessment and risk treatment?
  • Business Continuity in SLAs

    How can we deal with a force majeure clause that excuses vendors from disaster recovery / BCP responsibilities?