What if a supplier refuses to apply security measures?
If suppliers refuse to apply the required security measures during the ISO implementation (with no certification yet), how would that affect the certification process?
Initiating failover to the secondary site
Once a major incident has occurred, at which point does the calculation to initiate failover to the secondary site start? Consider that at the time of the incident it may not be major, but the service is critical and the time to bring it back up is prolonged. As an example, with an RTO of 30 minutes, how long after the incident occurs can these 30 minutes start, given that failover will itself take 30 minutes once the decision is made?
Questions on Risk treatment table
For the Risk Treatment Table, do we need to copy all the risks from the risk assessment table, or only those with high risk?
Benefits of risk management and ISO 27001
In your view, what is the greatest cost-benefit of implementing risk management based on ISO 27001? Has this been statistically quantified in Spain, Europe, the United States, etc.?
Everything about ISO 27001
I want to know everything about ISO 27001, its value to a bank, and how to implement it. I also want to pursue a career along this path. How can I start?
Document owner and other questions on document management
1. How can we define the document owner?
Perform the internal audit
How do you recommend setting up Internal Audit for ISO 27001 in a small company? Everyone is so busy with their day to day tasks and no one is really qualified to 'audit.' I manage the Risk Assessment and the Compliance. Can I do the Audit, too?
A.16.1.7 Collection of evidence
I would like to know if there is a document or tool that helps me implement requirement A.16.1.7 of Annex A of ISO/IEC 27001.
CISO role in ISO 27001 implementation, suppliers and other questions
Can a CISO assume the role of an internal auditor? Can he/she be part of the team for which we are running the ISMS?
Policy documents
Under the new ISO 27001 standard, there seem to be more and more policies needed, e.g. a cryptography policy, a supplier policy, etc. Is it really necessary to treat these particular documents as policies per se, or can I treat them as guidelines only?