Which controls from Annex A can be excluded, if my organization:
Communication Plan and Corrective Actions
We have 3 IT personnel within the Agency IT Department and, as we implemented the ISO 27001 standard a few years back after an IT audit, we would like information on how to proceed to get qualifications within this area. Any advice on this area and what training path to take would be much appreciated.
Security Compliance Management
I think that Annex A from 27K1, part 18 Security Compliance Management, is missing in your toolkit or... I can't find it. This part is necessary for successful certification.
Differences between third party and suppliers
Can you confirm what the differences are (if any) in regards to third parties and suppliers (vendors)? In respect to third party agreements vs. supplier relationships, I'm thinking none; is it just a case of terminology?
The owner of the ISO 27001 has been changed to a new department
I do have one critical question: in our organization we are already certified on ISO 27001:2005 under the ownership of one department. The organization established a new GRC function (department), and one of its roles is to own and manage the ISO 27001 certification. Will the certification be voided if the owner of the ISO 27001 has been changed to the new department (the two departments are under the same organization)?
Information Security Objectives
Based on ISO 27001:2013, do "Information Security Objectives" refer to 'confidentiality', 'integrity', 'availability', 'non-repudiation', and so on? Is it true?
Additionally, how to measure them? And how would the plan or framework to achieve them look?