ISO 27001 & 22301 - Expert Advice Community




  • Declaring a Disaster

    Currently we have a stated time to: a) assess an incident and declare a disaster (12 hours); b) activate Recovery Plans to re-instate customer systems (8 hours). However, looking at this from a customer perspective, they could argue that this adds up to an RTO of 12+8 = 20 hours. Can anyone offer advice on how to document (contractually) and manage customer expectations? Of course, we are putting the microscope on how we can improve the time for a).
  • BIA and RA

  • Online service

  • ISO 27005

  • Frequency of updating the Statement of Applicability

    I would just like to inquire about the frequency of updating the Statement of Applicability. Is there a need to update it after ISMS implementation? Say, for example, during the initial phase, one of the controls is not yet implemented, but after a year it was already documented and already in practice. Do we have to update the SOA because of that change?
  • Risks database

    Hi everyone, does anyone know where we can find a public risks database? Thank you.
  • CISA and CISM

  • IT-GRC and ISO 27001

  • Business continuity and crisis management

    Just wanted to enquire if the process of crisis management is integrated into the BCP information provided by your company? Crisis management planning being the process of initiating a crisis management that can operate independently alongside or separately from the BCP process?
  • Rules for writing and approving documents

    Do we have to include "users" when writing procedures?