
ISO 27001 & 22301 - Expert Advice Community


  • Contents of the Risk assessment report

    Can you confirm if the Risk Assessment Report should contain all the results of the risk assessment (i.e. acceptable risks and non-acceptable risks, based on the risk values that have been deduced) and the risk appetite of the business?
  • Risk assessment for ICS or SCADA?

    Is there any specific risk assessment for ICS or SCADA? NIST 800-82?
  • Risks in many site offices

    Could you please let me know how I should assess risks and document them when I handle many site offices spread out, each having different levels of threats? Could you please share with me a typical folder structure of what must be included in my network documentation to achieve ISO 27001 certification, for example? I have a central headquarters with many site offices.
  • Requirements for an internal auditor position?

    What requirements are needed for an internal auditor position?
  • Auditing the ISMS

    Please help with auditing the ISMS. How do we start, and what is the whole process? What are the main things that an auditor looks for in ISMS auditing?
  • ISO 27001 vs NIST, CIS and Common Criteria

    How does ISO 27001 compare (differences, advantages and limitations) to other frameworks such as NIST CSF, CIS Critical Controls and Common Criteria? And how does an organisation decide which framework is suitable for it?
  • What to include in Information security policy?

    I am trying to compile my Information Security Policy, and the above subjects/areas are not as clear-cut as I would like. Do you have to include both the products and the services of your organisation, and is there a simple definition for them both to ensure I put the right details under each heading? Secondly, if I include the likes of partnerships, supply chains and relationships with interested parties, do these then need to have a service level agreement to ensure they are providing us with what we need and that they are complying with our ways of working, especially in relation to security?
  • How long should the ISMS be in place before going for the certification audit

    How long must these ISMS controls be in place before being able to get an audit? In other words, some of these policies will be new, and we are just creating and implementing them as we go through the process of trying to get certified. Do certification boards need to see these policies in place for a specified period of time first?
  • Procedure for document control - only for ISMS documents?

    With regard to the "Procedure for Document & Record Control" document: is this only referring to documents pertaining to the ISMS? In other words, it isn't referring to ALL internal and external documents, programming code (our business is software development and consulting), invoices, etc.? We are strictly talking about documents pertaining to the maintenance and guidelines around the ISMS, yes?
  • Governance framework and management reporting

    We currently have our auditor in, and all is going well with the help of the 27001 toolkit I procured from you. They are asking me to show that we have a governance framework and management reporting in place. Is there a template you could supply for me to start creating a documented governance framework?