ISO 27001 & 22301 - Expert Advice Community


  • Methodology for calculating risk

    I purchased the ISO 27001/ISO 22301 Risk Assessment Toolkit yesterday. I am keen to know about the calculations related to the risk assessments, especially the methodology being used. Any additional information related to this would be useful.
  • Information security in project management

    I just wondered whether you have a template for control 6.1.5 (Information Security in Project Management)? I am struggling with how to write it. Kindly provide me with some indicators, in the absence of a template, on what to include. I am assuming that it will impact the entire project management cycle. The issue is that we have three different entry points for new projects, and then there are some rare occasions where some projects are run by branch offices without approval from a central body. How would you recommend going about writing the control in this case?
  • Organizational context and Risk Assessment Report

    1 - Do I need to prepare some reports when risk assessment and risk treatment are done? I am asking because in your template “Risk assessment and risk treatment report” there is a sentence under “Time period” saying: "Risk assessment was implemented in the period from xxxxxxxxxx to xxxxxxxxx. Risk treatment was implemented from xxxxxxxxx to xxxxxxx. Final reports were prepared during xxxxxxxx to xxxxxxx."
  • Controls applicable to suppliers

    I want to know the list of controls applicable to a third party in case you outsource a service to them.
  • Procedure for management of NC and CA

    Can ISMS non-conformities be addressed by this procedure: https://advisera.com/14001academy/documentation/procedure-for-the-management-of-nonconformities-corrective-and-preventive-actions/
  • Expanding ISMS scope

    A client is currently certified for their organisation in ISO 9001, and also certified to ISO 27001:2013 in one of their departments. My question is how they can move forward to implement ISO 27001 in the rest of the organisation?
  • Risk treatment and SOA

    I have a question about the Statement of Applicability from ISO 27001 and a question about the Risk Treatment Table from ISO 27001.
  • Requirements for corrective action

    On the Corrective Action form, don't we need to record the correction process? There is no field for it on that form. The procedure says: "An employee who notices a nonconformity must take immediate action to control it, contain it and correct it, and to deal with its consequences; if an employee is not responsible for such nonconformity he/she must forward information about that nonconformity to a responsible person, who must make a correction."
  • ISMS scope definition

    We are a company that gives xxxxx consultancy to our customers. We could start certifying a process called “Manage of customer information”, where the point is to make sure we have enough security controls in order to protect customer information, and in case we don’t, we would set up compensating controls to make sure we protect this valuable information. Would this process (Manage of customer information) be viable to certify, from an auditor's point of view?
  • USA laws and regulations related to ISO 27001

    I have a client applying for ISO 27001 recertification. As part of this process, they have asked me to create a list of relevant U.S. laws and regulations and advise them as to whether they are applicable to their business, and if applicable, what the requirements are. Do you have documentation that I can purchase that will assist me with that?