Mandatory ISO 27001 documents and major nonconformity
I have a question: I find a list of mandatory documents and records and non-mandatory documents that I should prepare for the external auditor, as I will mention them below:
Asset owner and custodians
ISMS implementation project vs DLP software purchase
I am part of the team of a project implementing an information security management system (ISMS), and we are in the launch phase of the project, and our application scope is audit and monitoring of the web applications. The problem is there are two other projects in a launch phase, which are the acquisition of DLP (Data Loss Prevention) software and the acquisition of software for source code audit. My question is:
Implement all the controls before certification audit?
For SOA, status should be Implemented for all applicable controls before final audit or even Planned is acceptable.
ISO 27001/ISO 22301 Toolkit for SAAS environments