A client is currently certified for their organisation in ISO 9001, and is also certified to ISO 27001:2013 in one of their departments. My question is: how can they move forward to implement ISO 27001 in the rest of the organisation?
Risk treatment and SOA
I have a question about the Statement of Applicability from the ISO 27001 and a question about the Risk Treatment Table from the ISO 27001.
Requirements for corrective action
On the Corrective Action form, we don't need to record the correction process? Because there is no field for it on that form. The procedure says: "An employee who notices a nonconformity must take immediate action to control it, contain it and correct it, and to deal with its consequences; if an employee is not responsible for such nonconformity he/she must forward information about that nonconformity to a responsible person, who must make a correction."
ISMS scope definition
We are a company that gives xxxxx consultancy to our customers. We could start certifying a process called “Manage of customer information”, where the point is to make sure we have enough security controls in order to protect customer information, and in case we don’t, we would set up compensating controls to make sure we protect this valuable information. Would this process (Manage of customer information) be viable to certify for an auditor?
USA laws and regulations related to ISO 27001
I have a client applying for ISO 27001 recertification. As part of this process, they have asked me to create a list of relevant U.S. laws and regulations and advise them as to whether they are applicable to their business, and if applicable, what the requirements are. Do you have documentation that I can purchase that will assist me with that?
Corrective action process
I am looking at the corrective action process.
Performing BIA and protecting privacy
Our xxxxx has been hiring a consultant every two years to assist them in 'updating' our BIA. Our xxxxx department is using the xxxxx tool, our CIO reviews our Cyber Security self-assessment, and then there's me, who is putting the finishing touches on our xxxxx tool. It is time to update our BIA, and we are looking at a DIY tool to use going forward. Our CIO is interested in a consultant or firm to assist in mapping GLBA and Cyber Security to move toward certification. We are looking to find a place to start and build a roadmap.
ISMS checklist
I want to prepare a professional checklist for ISMS, but I can't find the best way.