ISO 27001 & 22301 - Expert Advice Community

  • ISO 22301 Maintenance Audit requirements

    Hi everyone, The company I joined in January this year was ISO 22301 certified in 2013. The maintenance audit is coming up and I'm not sure what the audit entails because I'm relatively new to ISO 22301 - do they re-audit everything or do they focus on specific areas/documentation? I've found a few ISO 22301 audit checklists online, but nothing really relating to the maintenance audits. Can anyone help so I can start planning for the audit? Thank you!
  • Senior management does not want to spend money and resources

    The sr. management does not want to spend $ and bring additional resources on site! [As an IT Sec. consultant I am in a catch 22.]
  • Applicability of A14 for Data Centre

    A large-sized organization wishes to implement and certify only the IT Data Center - specifically IT infrastructure. Application development and maintenance are completely excluded from the scope of implementation and certification.
  • ISMS and Cloud computing

    "Does one need to get ISO/IEC 27001 to get ISO/IEC CD 27017? Is it possible to scope ISO/IEC 27001 to JUST the cloud environment?"
  • How do we identify what are the regulatory, contractual and other requirements

    How do we identify what are the regulatory, contractual and other requirements that need to be part of the ISMS? There may be many which need not be included under the ISMS.
  • ISMS scope for data center

    If the datacentre is outsourced and located in a different country, how do we cover that in the ISMS scope document? The customer data resides in the datacentre. Also, if the office is spread across multiple locations, does the ISMS implementer travel to all the locations for implementation?
  • 3rd party security policy vs. Information security policy for supplier relations

    According to the ISO 27K requirement (Information security policy for supplier relationships), may I know what the difference is between a 3rd party security policy and an information security policy for supplier relationships?
  • Is it an NC

    Hi Experts, I have a doubt on a situation, whether an NC can be given or not. An outsourcing company which provides training to other companies receives a new training contract every year. This contract contains a list of students who will attend training. So, during the audit, you find a requirement from the customer that student information should be protected as per Govt. Procedure 888. The contract manager says he does not know about Govt. Procedure 888, and only read the names of the students to be trained. All previous years' contracts do not have this Govt. Procedure 888 requirement. Apparently, they do have their own procedure to protect student information. Now, I say it is an NC as per 4.2(b), that they failed to identify a contract requirement. As per my mate, it is not an NC, as they still have their own procedure to protect student information. What is your view on this? Thanks Prashsax
  • 27001 Scope

    "My organisation cuts across 4 primary physical locations. For the purpose of our ISMS, we have included only two locations. My challenge is that I have departments with teams cutting across the 4 locations. The teams don't have duplicating functions but they all input into each other. Hence, how can I successfully de-scope such units?"
  • ISO 27001 / Planned intervals

    Hi, can anyone please explain: planned intervals? Shall I plan, for example, the management review every year, or every 6 months? Because it is hardly possible; they are busy people and I meet them when possible, on planned dates that can be advanced or delayed depending on their availability.