Your support with the following doubt: If in the Risk Management I didn't identify an ISO 27002 control as necessary, can I include that control in the SoA anyway, considering its implementation as 'best practice'?
Hi, can you please let me know what we can use to secure the cloud? I have some info about FedRAMP but it's too strict. Is there any doable and accessible standard available? How close is it to ISO 27001?
Assets mentioned by the owner
I was asked a couple of days ago about how to make sure that the assets mentioned by the owner are truly reliable ones and how to distinguish them from other unreliable ones. I would appreciate it if you could help me in that matter.
Leadership and commitment and Planning - General
In which documents (from the ISO 27001 toolkit) should I address requirements from clause 5.1, clause 6.1.1 and clause 8.1?
Clauses and controls achieved by completing the disaster recovery plan
What are the clauses and controls achieved by completing the disaster recovery plan?
Qualitative and quantitative risk assessment
I need to know the difference between qualitative and quantitative risk assessment with examples. Do you have any blog on this, or can you please send a mail with the answer?
Disaster recovery site
Do we require a disaster recovery site to pass ISO 27001 certification?
Verify if a company is certified with ISO/IEC 27001
How can I verify if a company is certified with the ISO/IEC 27001 standard?
I have one question regarding the procedure of documentation control (7.5). This document defines how to handle documents which are produced within the ISMS, such as the BYOD Policy or Risk Assessment Methodology, but what about documents which are in the company anyway? I am talking not only about policies which were issued long before the implementation process even started or documents which you would actually include as assets. I am thinking of stuff like contracts, mail, e-mail... Does the documentation control procedure apply to those as well?