ISO 27001 & 22301 - Expert Advice Community

  • Validity of an ISO 27001 Certification to an organization

    Similarly, if I am going to get certified as a lead auditor, what is the validity period of my certification? Awaiting your help :-) TIA
  • Deviations and exceptions in the Information security policy

    When the company defines an Information Security Policy, what could be considered exceptions to this policy? The question is related to point 5.1 of ISO 27002, processes for handling deviations and exceptions. How can I identify these deviations?
  • Shortest time necessary before applying for ISO 27001 certification

    What is the shortest time necessary that we should run the CHECK and ACT steps before applying for ISO 27001 certification?
  • Referring to the Business continuity policy from the ISMS documentation

    If we want to get certified against 27001 and we have an existing business continuity policy, do we still need to state it in our ISMS documents? Will the auditor audit the specifics of it even if we only want to have the 27001 certification for the meantime?
  • Any controls for BCMS like ISMS?

    Are there any controls for BCMS like ISMS? Please help me to understand this.
  • Who owns the risk?

    We are planning for ISO 27001 certification for one delivery center located at some location. The delivery center IT management (Networks, Servers, Security, Helpdesk, Application) required to deliver services to customers remotely is managed by another IT team which is not part of the scope.
  • Which policies to implement before the certification

    My question is about policies. E.g. I have 10 policies that are created and fully implemented, 15 policies that are created but partly implemented, some policies that are planned but not created yet, and some policies that are created but not implemented. How critical is it when I have policies that are planned but not created yet, and when I have policies that are created but not implemented? Does that endanger my accreditation?
  • Asset Inventory: 'Printer' - Justification!

    Hi there, WRT Dejan Kosutic's statement on Asset Inventories: since ISO 27001 focuses on the preservation of confidentiality, integrity and availability of information, this means that assets can be: Hardware – e.g. laptops, servers, printers, but also mobile phones or USB memory sticks. Can someone, with a real-time example, clarify how assets like a printer would play a role in CIA in ISO 27001? Thanks in advance.. :-)
  • How essential is a 'Scope Diagram' in the Scope Document?

    Hi all, I have happened to see some scope documents which do have a scope diagram, drawn with a set of associated departments or domains with the main domain/dept in scope. In my case I don't have any such associations to my department in scope. Some documents also have a scope diagram and some don't even have one! So, how important or essential is the scope diagram towards the ISO 27001 implementation? TIA
  • RARTP vs NCPA

    Risk Assessment and Risk Treatment vs Non-conformities, Corrective and Preventive Actions: How do these play an impact in real time? Can someone give me a real-time example of how things move around with these two? TIA