My question is whether there is any ISO standard related to the Balanced Scorecard (Cuadro de Mando Integral).
Policy Applicability Questions
If an organization has its physical data center at another location with a private hosting group, would the controls for physical perimeter security and data center security come into play in this case? Kindly share the justification as well.
Information Classification Questions
1. Whose responsibility is it to enter information assets into the asset inventory? As the Information Security lead, should that be facilitated by me?
Number of not applicable controls in statement of applicability
Dejan,
after two stage 1 audits for two companies I feel rather confused, because I excluded almost fifty percent of the controls in Annex A, and the auditor considered this a problem to fix. Is it mandatory to apply almost one hundred controls? The two companies chose the controls to apply after the risk assessment process, and defined as not applicable those for which there was no risk to treat or no requirement by interested parties.
Various IT audits to an organization
An organization's information assets include network, security, and application assets. What are the various types of audits that can be recommended to the organization from scratch to cover the compliance level? TIA
What does 'Managing records kept on the basis of this document' mean?
Can I check what section 4 usually holds in each of the documents - "4. Managing records kept on the basis of this document"?
Mobile device management for ISO 27001 implementation?
How can MDM (Mobile Device Management) help to implement ISO 27001?
Risk assessment - threats related to top management
I am in the process of completing the Risk Assessment table. Can you give me examples of what types of threats top management could pose in a very small company (5 people)?
Implementation and certification support
What certification/accreditation does a company that provides certification support need to have?
Frequency of the internal audit
Is there a best practice for timing the process review component of ISO 27001? For example quarterly or annually?