I have a question, if you can help me please: Is the ISO/IEC 27003:2010 adjustable for implementing ISO/IEC 27001:2013, or is it applicable only to the 2005 version?
Documents of external origin
I have a question about something in the "Procedure for document record control" document. Section 4, titled "Documents of external origin". Being such a small shop, I wonder if this is necessary for us. Can you give me an example of what kind of documents are tracked in the mail register?
Secure Development Policy (14.2.1 control)
Hi Dejan.
In the ISO 27002:2013 standard, in the new control 14.2.1 (Secure Development Policy):
1- What is the meaning of secure repositories?
2- What is the meaning of revision control in "f) security in the version control"? Does it mean the version of the software that is being developed?
3- Please explain how to consider security in the software development life cycle.
Best Regards
ISO 27001 certification
I have a prospect working towards 27001 certification, but they are using the 2013 revision and I am still on the 2005 revision. I have read your blogs on the changes, etc., but have not yet purchased the updated standard. Can you tell me if the 2013 revision still refers to 11 security control clauses, or has that number changed?
How to update ISMS policy and risk assessment
I am an absolute fan of your website; thanks for all the information that you give us. I have a question about how to maintain our ISMS for the second year of certification: how to update the ISMS policy and risk assessment... I didn't find articles related to this in your blog.
Document control in ISO 27001/ISO 9001
A couple of questions about document control:
ISO 22301 and virtual servers
Hi,
We are preparing ourselves for an ISO audit where we are going for ISO 22301 certification, and we need to build a DRC for our IT.
The DRC will cost a lot, but there is a company here providing a virtual environment where you can rent disk space, memory, and processing in a controlled environment. This option will save us money and time, as there is no need for any physical construction or physical hardware.
Is this solution acceptable, or do we need the physical option for certification (ISO 22301)?
Objectives in the policy document
When setting the objectives in the Information Security policy document, do we differentiate between ISMS objectives and InfoSec objectives? Are these objectives really the same?
BCM manual
Based on the list of documents in your ISO 22301 toolkit, a manual (as with any other ISO standard) is not one of them.
Asset ownership
A quick question regarding information asset ownership. What is the most effective way of assigning asset ownership to employees? I am not talking about Information Systems as this was the most straightforward one. Mainly talking about hardcopy documents, electronic documents, etc. Also, who are the owners of employees as assets?