Frequency of updating the Statement of Applicability
I would just like to inquire about the frequency of updating the Statement of Applicability. Is there a need to update it after ISMS implementation? Say, for example, during the initial phase one of the controls is not yet implemented, but after a year it was already documented and already in practice. Do we have to update the SoA because of that change?
Risks database
Hi Everyone,
Does anyone know where we can find a public risks database?
Thank you.
CISA and CISM
IT-GRC and ISO 27001
Business continuity and crisis management
Just wanted to enquire if the process of crisis management is integrated into the BCP information provided by your company? Crisis management planning being the process of initiating a crisis management that can operate independently alongside or separately from the BCP process?
Rules for writing and approving documents
Do we have to include "users" when writing procedures?
What to list in Risk assessment table
In the column "Asset" of my Risk Assessment Table, shall I also list processes and activities which could have any risk, or just hardware, software, network, human resources?
Call Tree Test
SoA before or after the Risk assessment & Risk treatment