Assets valuation and the information classification policy
Regarding 27001 information classification policy, if we are to implement the information classification policy using this purchased document, how we are to factor assets?
Gap analysis for ISO27001 and ISO 22301
1 - Is the gap analysis for ISO27001 also usable for ISO22301?
ISO 27001 Annex A controls and the Statement of Applicability
We have a new ISO27001 auditor who tells us that we must have all of the controls included in our SOA. We have excluded some controls, which he is now going to issue us a finding for not having them in place. Does ISO "require" that we include all controls?
Information Security Policy review
Is it mandatory to make a new yearly version of the Information Security Policy if there is no changes in the scope?
RA and BIA in a single document
Connecting RA and BIA in one place as those are both large documents
FFIEC business continuity Planning and ISO framework
How does FFIEC business continuity Planning hand book tie to ISO framework?
Assets grouping and mapping of controls
1 - In a group of offices which have the same set of asset classes (e.g., information and equipment), and use the same information systems, could we roll these up into 1 asset line for the purposes of the threat/vuln assessment and then assess the common risks and common threats as they will be the same?
Asset inventory question
My question is how detailed this asset inventory should be. For example, the employees laptops are in the scope, do I have to list in this sheet the laptop of each employee or is it enough to have a generic term "employees laptops" and list the vulnerabilities threats in this way. If I use a term like "employees laptops" do I need to make a reference to a more comprehensive list that lists down all the laptops one by one?
Management Representative for ISMS 2013
I was trying to look at your blog for ( do I need MR appointment letter for ISMS 2013 ? ) but unfortunately didn't find an answer , would you please let me know if it is required or not ?