1) What are the internal issues that could influence your information security?
2) What are the external issues that could influence your information security?
3) Do we need to document these issues once found?
procedure for Identification of Requirements
Hello
I have gone through the Procedure for Identification of Requirements document of Advisera and I have the following four queries in my mind. Please help me with them.
1) What is the process of identification of interested parties, as well as legal, regulatory, contractual and other requirements related to the ISMS?
2) Who is usually responsible for identifying such requirements?
3) Could you elaborate what sort of requirements, with the help of an example?
4) Who is responsible for evaluating the compliance of the ISMS with relevant legal, regulatory and contractual requirements?
Relationship between ISO 27001:2013 and ISO 27003
Would you please guide me on what the relationship is between ISO 27003 and ISO 27001:2013 implementation?
How to define scope of ISO 27001 for software development company
How to define scope of ISO 27001 for a software development company?
What if an organization is not interested in surveillance audits?
What action is to be taken if an organization is not interested in surveillance audits?
Can we handle ISO 27001 implementation remotely?
Can we monitor the security of our geographically dispersed offices through a SOC (Security Operations Center)? For instance, the cyber-security of the *** office from ***?
How to integrate ISO 27001: 2013 with HIPAA security rules
How to integrate ISO 27001:2013 with HIPAA security rules? Or can we achieve HIPAA compliance by just implementing ISO 27001:2013 in letter and spirit?
To whom will the auditor speak?
In the process of an ISMS audit, to whom will the auditor ask questions? Is he/she going to ask queries of the CEO (a non-tech person) or of the information security guy?
Information security board
I'm interested if you have had any good practice with information security board regulation. Is there any kind of document which regulates the actions of the management board, or can give clear information on how to organize all this kind of stuff? For instance: responsibilities, voice voting, elections inside the board for choosing decisions during risk treatment or implementation of controls?
Excluding certain departments from the ISMS scope
Is it possible for me to exclude certain departments within my company (let's say HR, for example) from the ISMS scope and still be eligible for the ISO 27001 certificate?