SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Use promo code:
SPRING30

ISO 27001 & 22301 - Expert Advice Community

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Risk Assessment and Risk Treatment Methodology

  • Data/Information Classification in Asset Value

    Hi friends, Could you help me please with this doubt: How or where match The Information Asset Value (in terms of confidentiality, integrity and availability of an asset) with the Data/Information classification (e.g: Public, Internal Use, Top secret). ¿Which is the input of which? or both are independent parameters? Or what is their relationship? How to use these two values in the Asset Valuation final? Thank you so much.
  • Managing the audit process

  • Examples of goals for the ISMS

  • Catalogue of threats/vulnerabilities

  • Necessary documents

  • Controls in progress

  • Declaring a Disaster

    Currently we have a stated time to: a) assess an incident and declare a disaster (12 hours) b) activate Recovery Plans to re-instate customer systems (8 hours) However, looking at this from a customer perspective, they could argue that this adds up to an RTO of 12+8 = 20 hours. Can anyone offer advice on how to document (contractually) and manage customer expectations? Of course, we are putting the microscope on how we can improve the time for a)
  • BIA and RA

  • Online service