
ISO 27001 & 22301 - Expert Advice Community


  • Regarding "information security objectives and planning to achieve them"

    There is a requirement to document information security objectives and plans to achieve them.
  • ISO 27001-2013 - Amended Version

    Yesterday we received an amended ISO 27001-2013 showing an amendment to Annex A A.8.1.1
  • BIA MTPD Calculation

    Hello Dejan, would you be able to tell me where I go again to review the online video of how to fill out the BIA template? I watched it some time ago but had to put things aside for a while and now I am back at it again. I seem to be stuck on the BIA report, trying to determine how to come up with the MTPD? Thanks, Luc
  • BIA & RA Review Period

    Please let me know if the business impact analysis and risk analysis can be reviewed/updated every 2 years or when there is a significant change in the business. Most BCP experts recommend... these need to be reviewed/updated at least annually.
  • ISMS Scope Question

    While establishing an ISMS for an Information Security department, should I include HR/Finance (and all supporting divisions) as third-party components, as they are feeding services to the IS Department (the only department in scope)?
  • Control 17.2 Redundancies

    I am confused regarding Control 17.2 Redundancies. My ISMS scope covers all monitoring systems (EMS - Element Monitoring System) which reside in the data centre, approximately 20 EMSs in total, but not all EMSs have redundancy. For the EMSs that have no redundancy, the existing recovery plan is only to retrieve the backup file. Is this plan sufficient to meet the requirement for control 17.2?
  • Supplier relationships

    We buy hardware and other stationery or computer consumables from vendors. However, we do not have any long-standing contract with any of them. The proposals are requested on a need basis and the purchase order is placed. We have a contract with a consultancy for CMMI services. So, do both these categories fall under supplier relationships?
  • Evaluation of the impact of the identified risks

    I wonder whether the evaluation of the impact of the identified risks and the impact assessment process use the same criteria and the same tolerance, or is there a difference? And what happens when we evaluate a process that can generate a high impact, but the assessment of these risks is that they are unlikely, and the residual risk is low?
  • Roles and responsibilities

    Should the ICT service continuity process and disaster recovery plan be managed away from the BCM department, i.e. should they do their risk assessment without my involvement as the BCM department, or am I the one who should be responsible or accountable for this? I am feeling confused regarding the roles and responsibilities of the ICT department and my role as the BCM department.
  • ISMS for scratch card manufacturing unit

    What controls will not be applicable for a scratch card manufacturer? Can you point out any general resource on ISMS for such a unit?