14.2.1 control
Hi Dejan.
In the ISO 27002:2013 standard, in new control 14.2.1 (Secure Development Policy):
1. What is the meaning of secure repositories?
2. What is the meaning of revision control in "f) security in the version control"? Does it mean the version of the software being developed?
3. Please explain how to consider security in the software development life cycle.
Best Regards
ISO 27001 certification
I have a prospect working towards 27001 certification but they are using the 2013 revision and I am still on 2005 revision. I have read your blogs on the changes, etc. but have not yet purchased the updated standard. Can you tell me if the 2013 revision still refers to 11 security control clauses, or has that number changed?
How to update ISMS policy and risk assessment
I am an absolute fan of your website; thanks for all the information that you give us. I have a question about how to maintain our ISMS for the second year of certification: how to update the ISMS policy and risk assessment... I didn't find articles related to this in your blog.
Document control in ISO 27001/ISO 9001
Couple of questions about the document control:
ISO 22301 and virtual servers
Hi,
We are preparing ourselves for ISO auditing, where we are going for ISO 22301 certification, and we need to build a DRC for our IT.
The DRC will cost a lot, but there is some company here providing a virtual environment where you can rent disk space, memory, and processing in a controlled environment. This option will save us money and time, as there is no need for any physical construction or physical hardware.
Is this solution acceptable, or do we need the physical option for certification? (ISO 22301)
Objectives in the policy document
When setting the objectives in the Information Security policy document, do we differentiate between ISMS objectives and InfoSec objectives? Are these objectives really the same?
BCM manual
Based on the list of documents in your ISO 22301 toolkit, a manual (like any other ISO) is not one of them.
Asset ownership
A quick question regarding information asset ownership. What is the most effective way of assigning asset ownership to employees? I am not talking about Information Systems as this was the most straightforward one. Mainly talking about hardcopy documents, electronic documents, etc. Also, who are the owners of employees as assets?
How to document the external and internal context of the organisation
Dear Forum members
If anyone can share a sanitised format for documenting the context of the organisation, it would be an immense help to me, as I am preparing documentation for the ISO 27001:2013 version.
Thanks
Debasish
Step 1 of transmission guide
In your white paper "Twelve-step transition process from ISO 27001:2005 to 2013 revision", step 1, please give me some examples in association with local community and arrangements.
Does local community mean informal groups within the organization?
What is the meaning of arrangements? Do you mean prioritization or not?