SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Approval of documents and risks
What is the process for documenting managements approval of documents and risks? Do meeting minutes suffice? What is best practice? -
General board level governance document that the non IT Director can understand
I am looking for a general Board level governance document that the non IT Director or Trustee can understand and use as a benchmark against which to measure conformance to best practices. Can you help me? -
Validity of the ISO27001 Certificate from Advisera
Dear Sir -
Scope for a company that provides IT services outsourcing
The company provides IT services outsourcing therefore have codes sources or confidential customer information , such information should be part of my risk management ? -
Owners of multiple assets
The Risk Assessment and Risk Treatment Methodology template states "When identifying assets, it is also necessary to identify their owners - the person or organizational unit responsible for each asset." When listing a laptop for example, should it be the person how uses the laptop (or who it's assigned to) or should it be a layer higher than that? My concern is that if we have 800+ employees, that we'd have to list all those individual laptops and their owners. -
Varias preguntas relacionadas con la implementación de la ISO 22301
Hola, estamos implementado la ISO 22301 a partir del paquete que compramos, paralelamente estamos implementado la ISO 27001 donde ya hemos avanzado implementando políticas y procedimientos, aquí hay una carta Gantt ya definida. En relación a la ISO 22301 partimos con la política de la continuidad del negocio, aquí tengo algunas preguntas: -
Some types of assets
If I have Some types of assets like persons, services and computers I have to classify them too? Or only the information assets? -
Opportunities in the methodology of risk assessment?
I am confused because I created one information security risk management procedure which is the methodology of risk assessment; Do I need to put something related to opportunities in that procedure or not? and do i need to add something in my risk register? like opportunities? -
Controls for a cloud provider
Does ISO 27001 certification require control maturity for systems that are new to a deliverable model? For example, if a business unit were to deploy a company standard SQL image into a cloud provider infrastructure would the cloud provider have to have control maturity or are the current controls in place for on-premise data centers sufficient? -
First things in ISO process
In the ISO process, what are the first things you should look at ? What I want to is what will fall in line with top priorities so you can create a flow chart and work from the most critically important to the the less significant issues and can you build upon each ?