I have a query on one of the controls in the Annex, i.e. Use of secret authentication information (9.3.1). If the entity opts for the control, what is expected to be maintained as policy/procedure and as evidence?
Controls A.9.3.1 and A.11.2.8
I have questions regarding the following controls: A.9.3.1 and A.11.2.8 - I do not know in which cases I can use them.
Nonconformities and Potential Improvements
Hello,
We are now in the course of updating our ISMS documents to comply with the new version of ISO 27001:2013, and I need a help regarding the corrective action procedure:
In our current procedure, we are managing both nonconformities and potential improvements, and according to the new version, potential nonconformities and preventive actions are no longer required, so how can we manage the potential improvements raised by employees or raised during the internal audit, for example?
Differences in BCM 2005 and 2013 revision of ISO 27001
How must you update an integrated management system based on ISO27001 from the 2005 to the 2013 version when you have a BCM implemented? Do you have specific guidance for it that you can share with me?
Using scales for calculating risk
If you are using a scale (say 1 to 5 for impact and likelihood), then computing risk is easy by adding I + L or multiplying. But if you are using a scale such as Medium, High and Low, how will you compute risk? Looking forward to your guidance.
Pandemic - BCP scenario
Our organization was once asked by one of our clients if we address the specific loss of staff, such as that which may result from a pandemic. I am in the process of reviewing our organization's BCP and my question is: what could be the justification to add or include any scenario in our BCP, since there are many/unlimited possible scenarios that could be added to the BCP?
ISO 27001 measurement
I was considering the measurement and effectiveness bit of the ISO 27001:2013 standard and I am having problems wrapping my head around it. Kindly advise on the best way to prepare a document for the external auditors on what needs to be measured and how to measure it, or, if possible, a sample template I can work with.
Incident Log
Who should update the incident log?
ISO 27001 risk assessment
I do understand how to go about risk assessment. I was able to identify the assets, vulnerabilities, threats and impacts. But I couldn't understand from the methodology how to do the qualitative and quantitative analysis in order to move forward. I need your comprehensive assistance regarding this issue, please.
Information asset in ISO 27001:2013
For your information, we are now in the process of transitioning from ISO 27001:2005 to ISO 27001:2013. In the past, we did a risk assessment and treatment plan for all types of assets, like hardware, software, documents, infrastructure and people. Now, in ISO 27001:2013, can I continue doing the risk assessment based on the assets mentioned above? Is it OK if we exclude hardware, infrastructure and people from the risk assessment?