I have one quick question, if I may I'm realy consused between backup policy and backup procedure? for example the backup frequency, should i specify the frequency in my policy or in procedure ?
How to record measurements against ISMS Metrics
Hello,
I would like to know how is the measurement against the defined ISMS metrics shown to the auditor.
For e.g. if the metric says "how many number of systems exist with outdated patching level out of all the systems".
Does the evidence have to be shown to the auditor by way of a form ? Does each ISMS Metric need a form to be submitted as an evidence of measurement taken.
Regards.
Implement ISO 27001 in a small business
Keys risks for DRP
Residual Risk Management
Procedures and documented procedures
Health and Safety Policy
Options to treat risks associated with a project
Qualitative and quantitative risk assessment methodologies