I was interested to learn about ISO 27001 on a personal level, but it is a bit much for a small organization with no formal security, no compliance requirements, and no desire to add security.
I noticed that the article indicated that clause 7.2 is included in internal issues. Must I prove that the people involved in the implementation of the ISMS have the competence to perform these tasks, or should I just have evidence that we gave training to all company employees to become aware?
Your organization and your customer
Please, I would like to ask about ISO 27001. I have one doubt. For example, I am selling a SYSTEM. So, my customer has the whole infrastructure to support the SYSTEM that he bought from me: servers, storage, network. I just create and install the SYSTEM in the customer's environment. All management is the customer's own.
Implementation, maintenance and improvement of the ISMS
What would be the resources for the implementation, maintenance and improvement of the ISMS, and which document must I inform you of?
Risk Treatment Plan and Risk Treatment Process
According to this article (Risk Treatment Plan and risk treatment process - What's the difference), the risk treatment plan has to set a responsible person. Is it the same person responsible for the risk that I determined in the risk assessment table?
Clauses and security controls
Your statement of applicability starts with A.5 but your Mandatory Doc starts with a 4.X. Mandatory is 2013 but I am not sure the controls match up?
Identify Internal and External issues
The standard requires that we identify internal and external issues that are relevant to the organization. According to ISO 31000 these factors could be cultural, political, financial, etc. But what about these factors do I have to collect, and what can influence the information security?
How to write ISO 27001 risk assessment methodology
Many thanks for your mail. I tried the first document template I ordered and I like it. I will try to convince my boss to buy the rest next week. We just started our project for implementing ISO 27001 in our company.
By the checklist that is given in these documents, there are a few templates that seem to be missing.