ISO 27001 & 22301 - Expert Advice Community

  • Catalogue of threats/vulnerabilities

  • Necessary documents

  • Controls in progress

  • Declaring a Disaster

    Currently we have a stated time to: a) assess an incident and declare a disaster (12 hours); b) activate Recovery Plans to re-instate customer systems (8 hours). However, looking at this from a customer perspective, they could argue that this adds up to an RTO of 12+8 = 20 hours. Can anyone offer advice on how to document (contractually) and manage customer expectations? Of course, we are putting the microscope on how we can improve the time for a).
  • BIA and RA

  • Online service

  • ISO 27005

  • Frequency of updating the Statement of Applicability

    I would just like to inquire about the frequency of updating the statement of applicability. Is there a need to update it after ISMS implementation? Say, for example, during the initial phase one of the controls is not yet implemented, but after a year it was already documented and already in practice. Do we have to update the SOA because of that change?
  • Risks database

    Hi everyone, does anyone know where we can find a public risks database? Thank you.
  • CISA and CISM