ISO 27001 & 22301 - Expert Advice Community

  • First steps to start an ISO 27001 project

    Can you help me with information on how to establish the first steps to start the ISO27001 project? Including very clearly what comes first and what comes after, for example,
  • More than one risk owner for one risk?

    Can we have more than one Risk owner for one risk?
  • Is it mandatory to implement all 114 controls?

    I have a query regarding preparing the SOA on control objectives and controls. We have 114 controls in the Annexure A coming under different sections. Is it mandatory for us to implement controls for each of the items in different sections? Or can we categorize them as the mandatory ones and non-mandatory ones required to get certified? Also, how can I document/convince the auditor on why a control is not required for us?
  • How to start with ISO 27001

    I just want to learn more about ISO27001 and its requirements. I'm employed in a toll road business. How should I implement ISO27001 and how will I start?
  • Approval of documents and risks

    What is the process for documenting management's approval of documents and risks? Do meeting minutes suffice? What is best practice?
  • General board level governance document that the non-IT Director can understand

    I am looking for a general Board level governance document that the non-IT Director or Trustee can understand and use as a benchmark against which to measure conformance to best practices. Can you help me?
  • Validity of the ISO27001 Certificate from Advisera

    Dear Sir
  • Scope for a company that provides IT services outsourcing

    The company provides IT services outsourcing and therefore has source code or confidential customer information. Should such information be part of my risk management?
  • Owners of multiple assets

    The Risk Assessment and Risk Treatment Methodology template states "When identifying assets, it is also necessary to identify their owners - the person or organizational unit responsible for each asset." When listing a laptop, for example, should it be the person who uses the laptop (or who it's assigned to) or should it be a layer higher than that? My concern is that if we have 800+ employees, we'd have to list all those individual laptops and their owners.
  • Several questions related to the implementation of ISO 22301

    Hello, we are implementing ISO 22301 based on the package we bought; in parallel we are implementing ISO 27001, where we have already made progress implementing policies and procedures, and there is an already defined Gantt chart here. Regarding ISO 22301, we started with the business continuity policy; here I have some questions: