we launch the new projet information classification , we have some difficulties. in second step before inventory assets ( information classification) we should evaluate according to the three criteria of security ( confidentiality integrity availability) but le final results of classification is only according to confidentiality ??
Management Systems Integration
actually in my job, i implemented iso27001 and the gold certificate of 27001. the problem is how integrated iso9001 and 14001 ,27001 with other system of quality, thanks for you re help, i need other book.
Internal audit frequency
About the ISMS internal audit role: Shall the ISMS be fully audited by internal within one year or shall it be fully audited every 3 years including minimum of one audit per year?
Inventory of assets
We are finally nearing our initial exercise to complete the templates from your company. I am not at the point of the Inventory of assets. I have a question tho as it mentions the risk assessment table.
ISO 27001 benefits
The subject of the dissertation is about the Application of ISO, but in one part of my thesis I need to explain about ISO 27000 (norms, benefits) in rural Tourism. I hope to give me the information needed to enrich my thesis. Thank you for your cooperation.
Lead Auditor certification
Dear Dejan, Planning to take up ISO27K1 Lead Auditor training and certification soon. Who certifies the final exam? I am hearing different answers from diferent quarters: PECB, IRQA etc.
Audit process
Hola, el libro te da una ligera idea de una auditoría interna pero no se explica cada paso a detalle, tampoco que documentos se necesitan o generan , ni el como deben de generarse. Me pudieras ayudar con esto?
Scope review
I have one client, previously their ISMS scope is to covers the Data Centre in their own premise. Now, they have move most of their critical applications and databases to a new hosting Data Centre belong to their managed service vendor. Is the ISMS scope remain unchanged or require to further extend the scope to the new hosted Data Centre? Last time their ISMS scope is called “Operation Management Data Centre of [Company Name]”.
People related threats and vulnerabilities
How are you handling the people aspect of Risk Assessment. The only risk we can come up with is loss of process/institutional knowledge. We are a SMB with 100 employees.
Change Management
Basically how to comply with ISMS/27k requirement when you are moving to new facility with all the old Assets from current facility ? Do you have any documents or set of questionnaire? if you have please share.