ISO 27001 & 22301 - Expert Advice Community


  • BCMS | ISO 22301:2019

    How much time is required for BCMS implementation in a medium sized organization?

  • Entry into the IT department

    1 - I would like to know if the ISO 27001 standard talks about a single point of entry into the IT department. I would like to know if ISO 27001 talks about multiple entries into the IT department and best practice.

    2 - If not, what standard should I look out for?

  • Supplier Security Policy Question

    Good afternoon,

    When looking through the Supplier Security Policy, am I correct in stating that this is only for actual services used by our companies? Does this apply to customers of ours? Or in our case, does this only apply to the company that does our accounting? And other companies that we use the services of?

  • Backup and DR plans - outsourced services

    We have some trouble regarding Backup and Disaster Recovery rules for our outsourced services / applications.

    We have around 200 different applications where the operations and backups are outsourced. We have divided our applications into 3 different criticality categories, where we have set requirements and collected answers for RPOs and RTOs for the applications with the highest criticality level.

    All assets are still in scope (even if they are not business critical) and we have some controls for risks covered by for example backup procedures.

    Does that mean we have to collect RTOs and RPOs for all our assets? Or do you have any suggestions on how we can adjust in our policies to make it more simple for us?

  • ISO 27001 Scope Document

    1- Do we need to show network documentation of all offices in the ISMS scope, or can we put reference links to the documentation?

    2 - Do we need to include network diagrams of each office in the ISMS scope document?

    3 - Do we need to include the XYZ1 office in the scope as the whole outsourcing department works from XYZ2, and it's only the senior managers like the CEO and Founder who work from XYZ1 including the IT security administrator?

    4 - Will an ISMS scope focusing on the outsourcing department's IT infrastructure be enough, or do we need the ISMS scope to cover the *** IT operations infrastructure across the business?

  • SOA Control Objectives

    I am reviewing the “Statement of Applicability” document within the 27001 2022 toolkit and noticed that under the SOA table in para. 3, Applicability of controls, there aren’t any control objectives.

    Can you confirm that the controls listed in the 27002-2022 are the same controls used in the 27001 2022?

  • Add Further Reference Documents

    Hi, firstly, thank you for creating a great product. We have a few further reference documents that we would like to include as part of the ISMS. These are related to our regulatory requirements; we should include the Australian Government's Information Security Manual (ISM) and Right Fit for Risk (RFFR). Can I please confirm the best way to add these two key documents?

  • ISO 27001 - Question nonconformities

    We have a question about non-conformities.

    We are now awaiting the results from our internal audit, and wonder which of their findings should count as non-conformities (if any). Is it only those with risk level "High" or "Critical" that should count as non-conformities, and the other ones as regular risks? Or how do we know how to classify the findings?

  • Supplier Security Policy

    I am currently reading over the Supplier Security Policy and wanted to check something. Under the "Monitoring and review" section, it mentions auditing the supplier or auditor once a year. What exactly is meant by this? And is it required?

  • Internal Audit Questions

    1. At the first management review meeting, should we discuss the Internal Audit?

    2. Should the project manager gather all pieces of information during the project implementation?
