Dear Dejan, thanks for your email. I'm currently project manager for XXXXX, responsible for achieving GDPR compliance and ISO 27001 accreditation. If you don't mind, I've a question for you. In what order would you progress these two projects? GDPR on its own because of the known date for the regulation coming into force, or ISO 27001 accreditation, knowing this will deliver an environment which satisfies GDPR? I value your opinion.
ISO 31000 and ISO 27001
Do you use ISO 31000 for ISO 27000?
Business Continuity Lifecycle document
I have an audit and they are requesting a Business Continuity Lifecycle document. Please advise which document I should share with them according to the ISO 22301 standard.
Becoming an auditor
I have worked as a Network Security analyst for 2 years and 3 months in an IT firm, and I have now been unemployed for 1 year. I want to resume work and am willing to work as an auditor. Will my experience count for an auditor profile, and how do I start preparing so as to become an auditor?
Compliance list
Hello, I'm trying to prepare the interested parties and "List of regulatory, contractual and other requirements" list prior to defining the scope. It is easy for me to list some interested party requirements when the interested party needs something, such as customers (i.e. they need to protect their information) or government agencies (i.e. they want you to comply with the laws & regulations), etc. But I don't know how to list the requirement when an interested party impacts the organization's information security, for example an employee working in a public place and connecting to the organization's network remotely, or supporting company personnel connecting to the organization's wireless network, or an untrained employee clicking on a link in a phishing mail, etc.
Thanks in advance.
Information security implementation
Based on little more than general awareness of security risks, we had a technical security review done. The conclusions were pretty damning. We are a small UK/Norway company using lots of data. We're pretty thinly staffed on the IT side (half an FTE, if that), but want to make sure we do this properly. Where do we start: hiring a cyber expert, Cyber Essentials, or ISO 27001? I am a bit worried that we are spending more time 'doing documentation' than actually improving security. All advice welcome!!
List of legal requirements
I need to fill in the list of laws and regulations and other contractual commitments. Do you have an example of one based on European law?
Cyber Essentials
We are a small organisation. How do I decide whether Cyber Essentials is the best place to start, or go for ISO 27001?
Certification requirements
Can the ISO Implementation Engineer state that the MSSP Department is certified, while the audit has been scheduled for the next cycle? I believe that without the real implementation and audit in place, they cannot simply announce it as certified. Correct me if I am wrong, please.
Toolkit content
Reviewing the toolkit, in the folder: "08_Anexo_A" I do not see the following controls: