To whom to hand over confidential data in case of a disaster?
In ideal conditions we have a management team who is authorized to access particular data. But during any disaster (fire, flood, breakdown attack etc.) how to manage these important files, or to whom do we have to hand over any confidential data?
Mandatory processes
In ISO 27001 there are mandatory procedures, such as the audit process, but is that the same in ISO 27002? If so, what are the mandatory procedures and references?
List of Legal, Regulatory, Contractual and Other Requirements
For the above subject, we do not have suppliers with whom we have contracts. What exactly should come in this document? Can you give me some examples?
ISO 22301 Maintenance Audit requirements
Hi everyone,
The company I joined in January this year was ISO 22301 certified in 2013. The maintenance audit is coming up and I'm not sure what the audit entails because I'm relatively new to ISO 22301 - do they re-audit everything or do they focus on specific areas/documentation?
I've found a few ISO 22301 audit checklists online, but nothing really relating to the maintenance audits. Can anyone help so I can start planning for the audit?
Thank you!
Senior management does not want to spend money and resources
The sr. management does not want to spend $ and bring additional resources on site! [As an IT Sec. consultant I am in a catch 22.]
Applicability of A14 for Data Centre
A large-sized organization wishes to implement and certify only the IT Data Center - specifically IT infrastructure. The application development and maintenance is completely excluded from the scope of implementation and certification.
ISMS and Cloud computing
"Does one need to get ISO/IEC 27001 to get ISO/IEC CD 27017? Is it possible to scope ISO/IEC 27001 to JUST the cloud environment?"
How do we identify what are the regulatory, contractual and other requirements
How do we identify what are the regulatory, contractual and other requirements that need to be part of ISMS? There may be many which need not be included under ISMS.
ISMS scope for data center
If the datacentre is outsourced and located in a different country, how do we cover that in the ISMS scope document? The customer data resides in the datacentre. Also, if the office is spread across multiple locations, does the ISMS implementer travel to all the locations for implementation?
3rd party security policy vs. Information security policy for supplier relations
According to the ISO 27K requirement (Information security policy for supplier relationship), may I know what is the difference between 3rd party security policy and Information security policy for supplier relationships?