Implementation method and status of controls in Statement of Applicability
We are working on completing the SoA and are a bit confused on how best to fill in the implementation method and status. In a number of cases, we have a current method in place to address a control but we don't consider that method to be fully adequate as a control. So we plan in the near future to develop a more extensive control.
Handling documents of external origin
I have a question. For the PROCEDURE FOR DOCUMENT AND RECORD CONTROL, is section 4 really needed? It seems odd to track incoming packages, every single piece of email, etc. I'm also unfamiliar with the concept of an incoming mail register.
Assistance on nonconformities
Request your help and assistance on a couple of minor nonconformities.
Backup policy vs. Backup procedure
I have one quick question, if I may. I'm really confused between a backup policy and a backup procedure. For example, the backup frequency: should I specify the frequency in my policy or in my procedure?
How to record measurements against ISMS Metrics
Hello,
I would like to know how the measurement against the defined ISMS metrics is shown to the auditor.
For example, if the metric says "how many systems exist with an outdated patching level out of all the systems".
Does the evidence have to be shown to the auditor by way of a form? Does each ISMS metric need a form to be submitted as evidence of the measurement taken?
Regards.