ISO 27001 & 22301 - Expert Advice Community


  • Competence evidences for ISO 27001

    Regarding clause 7.2 of ISO 27001, what is expected here? Are we expected to assess the competency of everyone in the organisation? If so, is a CBT general security course sufficient to achieve this? I appreciate that as the Head of IS, and given my qualifications, I have a certain level of competence, but what would be expected or "applicable" to all our users?
  • Information security profile

    In your diagram of ISO 27001:2013 Implementation process, there is milestone called “Develop a security profile of the company”. What does this mean? Is it simply the set of controls that will apply to the organisation in the statement of applicability?
  • ISO 27001 and ISO 9001 implementation

    I am about to start an ISO 9001:2015 course for implementing the certification in my company. I am also interested in learning how to implement ISO 27001. My question is: what do you recommend for these implementations? ISO 9001 first, or obtaining both certifications at the same time?
  • Information security policy communication

    Are we required to have a signed copy of the information security policy statement posted in the office?
  • Risk assessment

    1 - Regarding risk assessment according to ISO 27001 and ISO 27005, I need your guidance and applicable methods on how to carry out a risk assessment for very highly critical infrastructure, say a nuclear research institute.
  • Security objectives and audit process

    1 - I am updating our ISP to include objectives which are measurable, with assigned ownership and relevant processes to manage their delivery, etc., but could you confirm how many objectives we should be aiming for?
  • Sources of requirements

    I have a question about the 'List of Legal, Regulatory, Contractual and Other Requirements'. Can you explain to me what a 'Document stipulating the requirement' is? Can you also give an example?
  • Duration of ISO 27001 implementation

    How can I calculate the number of sessions needed to implement 27001:2013, taking into account that 9001:2015 is going to be implemented and 9001:2008 was already in place?
  • Project risk assessment

    I need to prepare a checklist for project risk assessment. This relates to all projects within the company. Project types can be software development, infrastructure revamping, any new product, hardware, software, a new application (for instance Skype for Business), etc. The business will involve me from the beginning so I can properly assess the risk and propose controls accordingly.
  • ISO 27001 and ISO 9001 integration

    If we implement two ISO standards (9001 and 27001) at the same time, is that possible, and can they be integrated?