ISO 27001 & 22301 - Expert Advice Community

  • Definition of implementation for an ISO 27001 project

    We are in the planning stages of implementation of ISO 27001 and are using Conformio to plan the project. I have a question about the Free Calculator – Duration of ISO 27001/ISO 22301 Implementation tool. What does the tool use as a definition of implementation complete? For instance, is Risk Assessment complete, procedures written and employees trained the definition of complete? Or does complete also include 3 months of the system in operation, or is it ISO certification or some other measure? I would appreciate some additional insight into the definition of project complete.
  • Impact Analysis Questionnaire

    Please assist: is there a way I can engage BCM on new initiatives and projects before going live? Do you have any checklist for such a request? E.g. for information security they have a security questionnaire.
  • Qualitative and quantitative risk assessments

    What is the difference between a qualitative assessment and a quantitative assessment?
  • Proposal for ISO 27001 project

    I am in the process of putting in a proposal for the adoption of ISO 27K (think ISO 27017/18, 2233) for a Hybrid Cloud Solution. I am tasked to put forward a High Level Document by the 22nd August; if you can email me any information, I would be most grateful.
  • Becoming ISO 27001 Lead Auditor

    I am looking to be a certified ISO 27001 LA, but the problem I am facing is there is no clear path available and I am confused about it. E.g. for CISSP you can go and take an exam from ISC2; for CRISC, CISA, CISM, CGEIT you contact ISACA; but for ISO 27001 LA I cannot see any such organization.
  • Risk assessment and business analysis impact

    In your template for BIA methodology you say “Business impact analysis is performed after the risk assessment has finished, so that the information about required resources can be gathered during risk assessment.” I have always done the BIA first and then risk assessment against the assets identified in the critical activities. Does the sequence matter, or can either one be done at any time?
  • Premises access control

    Can you explain the premises access regarding information security? Also, anything regarding Individual responsibility for Information Security or Premises Security.
  • SOC Continued Operations Letter

    Can you help me with the SOC Continued Operations Letter. What is that?
  • Certifications to support risk resilience

    I am in the very early phase of investigating a business opportunity based around providing small to medium businesses (max 50 staff) with risk resilience services. In effect, we accept that a cyber attack is inevitable, so we want to assist businesses to be agile enough to recover from an event with minimal disruption. I'm looking to see what certifications would be appropriate.
  • ISO 20000 and ISO 27001 integration

    What about ISO 20001, in case we are planning for ITSM along with ISO 27001 (ISMS)? How would you advise we proceed?