To make the importance of security issues permeate the organization, which is the best way, in your view, to train/instruct/evangelize on the subject?
Do you have any checklist/criteria for selecting the right software tool for operating a Business Continuity Management System that meets the ISO 22301:2019 standard requirements?
1. Does the external auditor need to sit privately with the internal auditor, review his IA plan and IA report, and verify all his findings?
2. Does the external auditor have a commitment and/or obligation to verify the internal auditor's findings and the corrective actions taken, or does he simply look into the IA plan and its final report?
3. It's well known that the IA is not fully impartial, and his IA report might be a bit biased and/or influenced by senior management if he/she is not reporting independently to the highest authority?
4. Can the internal auditor, out of transparency, disclose any nonconformities to the external auditor, and/or anything that the external auditor himself cannot find during his short visit?
Thanks in anticipation; I appreciate your support.
Just out of curiosity, how far is the ISO 27001/GDPR package from being ISO 27701 compliant?
In the Incident Management Procedure there is a section called "Managing records kept based on this document". Unfortunately I could not find a good definition for it to determine how to handle it. It would be great if you could point me to more resources about this part of the policy.
I was asked to develop a (*Subject) for a small organisation with no more than 1500 words, and it's not very specific as to having user profiles A, B, etc. and their designation, their rights and all. How do I start with it?
Can you provide me with an example list of cybersecurity risks associated with 5G technology?
What is the difference between ISO 27001 A.18.2.1 and 9.2 Internal audit?
Do you have any example lists of potential risks for a 100% digital marketplace that I could use as a basic reference, by any chance?
I am working on the risk part (6.1 in ISO 27001), where we actually build in best practices to counter potential risks proactively, but having a guidance list from other companies would help a lot, mainly for A.9 and A.10, to see if we are thinking of the right kind of risks.
All will be adjusted to our specific platform, of course, but any initial draft would be appreciated.
Please, what are the risks posed by third parties or suppliers? I mean examples of information security risks that are posed by third parties, i.e. suppliers, partners and customers, for example hardware devices such as routers, switches, telecom lines and firewalls; software applications; ICT services such as risk assessment, penetration testing, computer forensics investigations, etc.