ISO 27001 & 22301 - Expert Advice Community


  • Requirements for corrective action

    On the Corrective action form, we don't need to record the correction process, because there is no field on that form? The procedure says: "An employee who notices a nonconformity must take immediate action to control it, contain it and correct it, and to deal with its consequences; if an employee is not responsible for such nonconformity he/she must forward information about that nonconformity to a responsible person, who must make a correction."
  • ISMS scope definition

    We are a company that gives xxxxx consultancy to our customers. We could start certifying a process called “Manage of customer information”, where the point is to make sure we have enough security controls in order to protect customer information, and in case we don’t, we would set up compensating controls to make sure we protect this valuable information. Would this process (Manage of customer information) be viable to certify for an auditor?
  • USA laws and regulations related to ISO 27001

    I have a client applying for ISO 27001 recertification. As part of this process, they have asked me to create a list of relevant U.S. laws and regulations and advise them as to whether they are applicable to their business, and if applicable, what the requirements are. Do you have documentation that I can purchase that will assist me with that?
  • Corrective action process

    I am looking at the corrective action process.
  • Performing BIA and protecting privacy

    Our xxxxx has been hiring a consultant every two years to assist them in 'updating' our BIA. Our xxxxx department is using the xxxxx tool, our CIO reviews our Cyber Security self-assessment, and then there's me, putting the finishing touches on our xxxxx tool. It is time to update our BIA and we are looking at a DIY tool to use going forward. Our CIO is interested in a consultant or firm to assist in mapping GLBA and Cyber Security to move toward certification. Looking to find a place to start and build a roadmap.
  • ISMS checklist

    I want to prepare a professional checklist for ISMS but I can't find the best way.
  • Scope and Policy Definition

    I'm a student and in my traineeship I have a project about ISMS (information security management system). I found a problem defining my project scope and policy in the first step, PLAN. I work with the best practice of ISO 27002. If you have more information about it, can you help me please?
  • Asset owner

    I have a question about the ISO 27001 Risk Assessment: If all employees have a laptop, do they all have to be mentioned separately in the Risk Assessment Table? Or can I just put 'all employees' as asset owner?
  • Risks related to ID cards

    Could you please help me to know the risk if an employee forgets his/her Permanent ID card.
  • Information security policies

    Do you have an Information Security Policy that does not reference ISMS and ISO 27001? We are not there yet and are looking for something more generic for the first time round.