Considering the procedure for documents and record keeping:
Documenting RTO and RPO
When documenting RTO and RPO for mission-critical processes, should both be reported as a band, i.e. 0-4 hrs, or should it be reported as 4 hrs? What are the implications of each?
Policy elaboration
I need information on policy formation for an organization.
Security in supplier relationships
In the contract with an external supplier there is nothing about information security, but they say that they have an internal security policy that applies to all employees. Is that enough? Or should we write something in the "information security policy for supplier relationships"?
ISO 27001 implementation and certification and ISO 9001
Step-by-step ISO 27001 implementation and certification, if we already have ISO 9001:2008 certification
Residual risk
1 - How to evaluate the residual risk after some of the action items have been completed?
Risk standards comparison
I'd be interested to hear any useful comparisons to other risk standards such as FAIR or OCTAVE.
ISO 27001 and COBIT 5 relationship
I still need to know the relationship with COBIT 5. Must we implement both?
Are residual risks mandatory?
Regarding the residual risk review (after controls applied) – does this have to be done for the standard?
ISO 27001 implementation
1) What to expect from consultants who help us implement ISO 27001?