ISO 27001 & 22301 - Expert Advice Community

  • People as single point of failure

    Request your advice: as a finding for PEOPLE AS SINGLE POINTS OF FAILURE, what will be the suitable ISMS control?
  • Issue based risk assessment?

    Is it necessary to conduct an issue-based risk assessment for ISO 27001? I read on this site that it is OK to have an asset-based risk assessment, but when I see clause 6.1.1 of the standard, I am getting confused.
  • Defining the scope

    Defining ISMS. We are a ********* company and we have clients in the UK requiring us to be ISO 27001 compliant and certified. We are potentially targeting a 3rd party data center in the UK where we rent rack space as well as one of our local offices. I am wondering if we should define the scope further down to one particular system we use to support client data or scope the data center (multiple systems) and one of our locations.
  • To be compliant, what is the minimum to be done?

    As the first step, we want to be an ISO 27001-compliant organization, and then later get a certification. To be "compliant", what is the minimum that we will need to do?
  • Validity of an ISO 27001 Certification to an organization

    Similarly, if I am going to get certified as a lead auditor, what is the validity period of my certification? Awaiting the help :-) TIA
  • Deviations and exceptions in the Information security policy

    When the company has defined an Information Security Policy, what could be considered exceptions to this policy? The question is related to point 5.1 of ISO 27002, processes for handling deviations and exceptions. How can these deviations be identified?
  • Shortest time necessary before applying for ISO 27001 certification

    What is the shortest time necessary that we should run the steps CHECK and ACT before applying for the certification of ISO 27001?
  • Referring to the Business continuity policy from the ISMS documentation

    If we want to get certified against 27001 and we have an existing business continuity policy, do we still need to state it in our ISMS documents? Will the auditor audit the specifics of it even if we only want to have the 27001 certification for the meantime?
  • Any controls for BCMS like ISMS?

    Are there any controls for a BCMS like there are for an ISMS? Please help me understand this.
  • Who owns the risk?

    We are planning for ISO 27001 certification for one delivery center located at some location. The delivery center IT management (Networks, Servers, Security, Helpdesk, Application) required to deliver services to the customer remotely is managed by another IT team, which is not part of the scope.