While we were writing this policy we came up with the solution of having a three-level classification - client confidential, business confidential and public.
Policy Version Control
Hi,
Our organization is ISO 9001 & 27001 certified.
Two years ago we implemented the incident management policy; the policy version number was Ver 1.0. Last year, as per management direction, the information security incident management policy was migrated into the QMS policy. Owing to this, the information security incident management policy was made obsolete.
In the current financial year the QMS incident management policy is not effective, hence management has decided to bring the information security incident management policy back to life.
Please guide us on what version number I can give the policy, because the existing one is already obsolete. Should I start the version number from the beginning again, or continue from the old version number?
Whether you suggest following the old version number or a new version number, please provide a valid reason for the same, so that we can communicate it to management.
Thanks in advance.
G Thanikachalam
Difference between clauses 5.1.e and 6.1.1.a of ISO 27001:2013
In the ISO/IEC 27001:2013 standard, do you see any difference between Section 5.1.e and Section 6.1.1.a, or are both the same?
Interpretation of A.14.2: Security in development and support processes
Some BPO (call center) companies exclude all controls of A.14.2, thinking that this set of controls is only for software development organizations. I am of the opinion that development is applicable to the design of services and solutions in non-software service organizations too.
Which view is correct?
ISO 27001 Implementation
My question is: what are the lessons learned, key insights, war stories, top tips, and key dos and don'ts when implementing ISO 27001?
A question about asset inventory
I understand the asset inventory is a mandatory document for an ISMS based on 27001:2013. My doubt is: should this inventory be formalized and signed off by higher management?
Taking into account the existing controls during the risk assessment
I have a quick question regarding the risk assessment template that I got from you. During the assessment, where I assess the impact and likelihood, do I take into account the existing controls that I already have? If yes, then in the "existing control" column do I fill in according to the ISO 27002 controls? Please advise.
Certificate validation
Our company got an ISO 27001:2005 certificate in *** from the CIS company. I don't know whether that certificate is valid on the ISO website (iso.org) or not. How do I check the validity of an ISO certificate for my company or my country?
Difference in business continuity in 27001:2005 and 27001:2013
What is the difference with regard to business continuity between 27001:2005 and 27001:2013 in Annex A? Many organizations think that if they have implemented 27001, they have also implemented 22301.
Information Asset: Business Applications and their Scope
We are planning to implement ISO 27001 and the scope is our Data Center and IT department