What would be the best practice for inclusion of ISMS risk in the BIA analysis, or in the questionnaire? My colleague, the ISMS manager, thinks I should add fields to the BIA questionnaire with the URLs of the applications that are used, so we are interested in what the "best practice" is for this purpose.
Implementing a Business Impact Analysis according to ISO 22301
Surely once again a webinar filled with professionalism and wisdom.
Auditor's opinion
Hypothetically speaking, how do you think an ISO 27001 auditor would view the following situation: a firm that is very paper dependent, through the risk assessment process, has identified risks to the papers, the impact of which could be very high not only financially but to the reputation as well. Following the risk assessment, that firm then chose to accept the risks of loss of confidentiality and availability of those documents and not implement a clear desk policy and provide some additional storage in order for the organisation to securely lock the documents away at night.
Convergence of ISO 27001 and ISO 22301
We have a project to determine the feasibility in convergence of ISO 27001 and ISO 22301 by creating a single policy for both standards. Alternatively, we would like to create an overarching policy which would describe our process for both standards. Can you advise how this can be achieved and whether you have a toolkit which can assist with this goal?
HIPAA and ISO 27001
If an organization is already compliant with HIPAA, and is considering ISO 27001 compliance, how can they leverage their HIPAA compliance to speed up ISO 27001 compliance (e.g. is there a mapping available)?
BIA and risk assessment
1 - Does the BIA include a risk assessment?
2 - Should the BIA questionnaire be different for every business unit in the company?
ISO 27001 clause 7
I did not find any article on the site advisera.com/27001academy on clauses 7. Support, 7.1 Resources and 7.2 Competence. I have difficulty interpreting these clauses. Can you help me?
Auditor support material
I have done my ISO 27001 Internal Auditor course through your company. I was wondering if you might be able to assist me with a template or report structure that I could use, as I need to do an assessment for one of our clients.
Inventory of assets
1 - I am filling in the Inventory of assets as per the ISO 27001 toolkit template. I tried to access the "How to handle Asset register according to ISO 27001" link but unfortunately couldn't, as data was not found.
Root cause analysis on ISO 27001
We received this question: Is root cause analysis not mandatory in ISO 27001:2013?