ISO 27001 & 22301 - Expert Advice Community




  • Security Compromised because of Cost to Company

    My company uses Skype for communication, Dropbox to share large documents, and some of the projects should have access to social networking sites, such as Facebook and Twitter, because their business demands it.
  • SoA

    Hello friends, is the Statement of Applicability (SoA) applied only to the process of the scope of the ISMS, or is it applied to the whole organization? Thank you for your help. Best regards
  • Must I finish the project that implements the controls selected for getting ISO 27001 certification?

    When I am in the process of implementing ISO 27001, I will have to implement several controls that come from the Risk Analysis. These controls are going to generate some projects that can extend over time. If I want to get an ISO 27001 certification, must I wait for the projects to be finished before getting the ISO 27001 certification, or isn't it necessary? Thank you for your comments and feedback
  • Information Security Objectives and management support

    Hi friends, a question: where can I include the management support and the information security objectives? In which document? Could the management support be understood explicitly? Thank you for your attention. Best regards
  • Difference between Risk Treatment Plan and Risk Assessment Report

    I understand the difference between the Risk Assessment and Treatment plan vs. the Risk Treatment Plan, but what is the difference between the Risk Treatment Plan and Risk Assessment Report?
  • 10.8.5 Business Information systems

    I would like to know how to implement the control 10.8.5 Business Information Systems. Is there any procedure that we should create? Is it about the interconnection (data exchange) between systems? Many thanks
  • Questions about ISO 27001 & ISO 22301 Premium Documentation Toolkit

    First and foremost, I was thinking there would be separate templates solely for ISO 22301 instead of what I have now as the ISO 27001 control BCP templates.
  • ISO 27001 - must you implement all the 133 controls?

    I would like to ask the following question about ISO 27001. When you are developing ISO 27001, must you implement all controls of ISO 27001, the 133 controls, or only the controls that apply?
  • Risk analysis tool

    Hi friends, could you tell me if you use a risk analysis tool? Which one? Could you recommend some? Has anyone used PILAR, maybe? Thanks. Best regards
  • Preventive actions in ISO 27001

    The old version of the standard was referring to preventive actions and the new one no longer does (chapter 10).