
ISO 27001 & 22301 - Expert Advice Community


  • Is Asset register required?

    Ma'am, find out whether the asset register is required.
  • Delay in implementing the controls

    The company I work for got certification for ISO 27001 a while back, and as part of the implementation team, during our risk treatment we scheduled most of the controls to a future date to be implemented before the second audit, but the date has passed and the second audit is scheduled for November. I want to know the implications of this and any advice on how to deal with the controls.
  • How to treat suppliers that are ISO 27001 certified

    We have a data centre that manages our data and hosts our Office 365. The office we rent is in a shared building; they provide us with a channel which links us with our data centre. They are both ISO 27001 certified. Do I class them as suppliers in our ISO 27001? If I do, what information do I need from them, what documents do I need to produce, and do I need to audit them?
  • How to treat an ISMS document that is due for review

    How do I treat an ISMS document that is due for review but has nothing in it to be changed or updated? This mostly has to do with the Revision History and Next Scheduled Review Date sections.
  • Asset value

    Suppose I have an asset with Confidentiality=5, Integrity=5, Availability=5. What would be my asset value? Is it 15 or 25? I am confused.
  • Documenting the information security objectives

    Our auditor asked for some documentation to check. This includes the documentation on information security objectives. As I understand it, this is included in the information security policy. Is this correct, or do we need an extra document on this?
  • Focus the ISMS scope

    We are planning to focus the scope on the IT department only. Could this be treated as if the entire organization will be treated as the outside world? What is your advice?
  • Contents of Internal audit program

    Is there another article or other information about what specifically to put in the audit plan? Is it sufficient to just mention in your program that you will audit according to your criteria, with attention to assessing compliance with the standard and taking into account results from previous internal audits? Or is it necessary to clearly define what you will audit in each cycle in the audit program?
  • Clarifications reg GAP Analysis.

    Hi team, during the implementation of ISO 27001 in an organization which provides info sec services and has no more than 100 employees, is it mandatory to do a GAP analysis? (This project is considered to be a green-field one.) If yes, in what phases can I do the GAP analysis? Does it have to be mandatory while starting the project? When shall it be done when ending the project? Could it be done any time in the middle, during the progress? Kindly clarify the doubts. TIA.
  • Audit Doubt

    Consider that I am implementing ISO 27001 in an organization, and meanwhile I am also preparing some documented evidence as part and parcel of the organization's progress, like evidence of competence among employees, which has not been done so far. After completing all the implementation and documentation work and doing an internal audit, I may go for a certification body audit. My doubt here is: during the certification body audit, will there be any questions on the process, as it has been recently devised and implemented? TIA