Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
People "asset" for risk assessment
How we can identify confidentiality, integrity and availability requirements of “people” assets for risk assessment. I will appreciate if you can provide some details. -
Include ISMS documents in the inventory asset?
Do I need to include every ISMS related procedure, guide and document in the inventory of assets? -
Primeros pasos para iniciar proyecto ISO 27001
Ustedes me pueden ayudar con información de cómo establecer los primeros pasos para iniciar el proyecto de ISO27001. Donde se incluya que va primero y que después muy claramente, por ejemplo, -
More than one risk owner for one risk?
Can we have more than one Risk owner for one risk ? -
Is mandatory to implement all 114 controls?
I have a query regarding preparing the SOA on control objectives and controls. We have 114 controls in the Annexure A coming under different sections. Is that mandatory for us to implement controls for each of the items in different sections. Or can we categorize them as the mandatory ones and non-mandatory ones required to get certified? Also how can I document/convince the auditor on why a control is not required for us? -
How to start with ISO 27001
I just want to learn more about ISO27001 and their requirements.. I'm employed in a tollroad business. How should I implement the ISO27001 and how will I start? -
Approval of documents and risks
What is the process for documenting managements approval of documents and risks? Do meeting minutes suffice? What is best practice? -
General board level governance document that the non IT Director can understand
I am looking for a general Board level governance document that the non IT Director or Trustee can understand and use as a benchmark against which to measure conformance to best practices. Can you help me? -
Validity of the ISO27001 Certificate from Advisera
Dear Sir -
Scope for a company that provides IT services outsourcing
The company provides IT services outsourcing therefore have codes sources or confidential customer information , such information should be part of my risk management ?