How ISO 27001 / ISO 27002 applies to a cloud computing environment
Overall ISO implementation plan
I have the project plan template filled out and that is great for my isms documents, but what about my overall ISO implementation plan? Is there a project template for the overall project that lays out the steps in the flowchart?
¿Qué es la ISO 27001?
Form for the Risk acceptance
No conformidad e Incidente de seguridad de la información
BIA for communication department
What indicates a successful implementation of the ISO 27001
Identification of Requirements - level of detail?
Hi
I'm compiling my list of interested parties and their requirements for section 4.2
I have the list of legal/regulatory bodies etc which is very helpful, however I was wondering what level of detail I need to go into? For example, with the Data Protection Act, is it sufficient to include the general principles (e.g. "Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes."), or do I need to specifically include more specific requirements such as, e.g. "those involved in recruitment and selection are aware that data protection rules apply and that they must handle personal information with respect."
It seems that if I go into that much detail, it becomes more of a control application than a scope document, so I'm not sure when to stop!
Thanks