ISO 27001 & 22301 - Expert Advice Community


  • How to document the external and internal context of the organisation

    Dear Forum members, if anyone can share a sanitised format for documenting the context of the organisation, it would be an immense help to me as I am preparing documentation for the ISO 27001:2013 version. Thanks, Debasish
  • Step 1 of transition guide

    In your white paper "Twelve-step transition process from ISO 27001:2005 to 2013 revision", step 1, please give me some examples in association with local community and arrangements. Is the local community informal groups within the organization? What is the meaning of arrangements? Do you mean prioritization or not?
  • Change the top-level policy

    Hi, in the 12 steps for transition to the new version of the standard, in step 4: Change the top-level policy, do we necessarily have to change the ISMS policy to an information security policy? Or can we leave this policy unchanged? Thanks
  • How does an organization become able to audit / certify against 27001?

    In your blog posting https://advisera.com/27001academy/blog/2010/02/15/how-to-get-certified-against-iso-27001/, you outline what an audit target does to become ISO 27001 certified. What does an auditing organization do to be able to do the certifications - to issue three-year certificates?
  • Incident management procedure-A.16.1.5 is new control?

    Hi, in the standard ISO 27001:2013 and in step 10 of the transition steps document, the incident management procedure (control A.16.1.5) is a new control which describes how to respond to different types of incidents, who is responsible for what, who must be informed, etc. But in the ISO 27001:2005 revision, information security incident management already exists: reporting information security events and weaknesses (control A.13.1) and management of information security incidents and improvements (control A.13.2). What is the difference between them? Please explain the difference between both of them. Thanks
  • Step 2 (Interface) in transition process

    Hi, what does "interface" mean in step 2 of the transition steps to implement ISO 27001:2013? How do we define interfaces? What is the difference between scope and interfaces? We implemented the ISO 27001:2005 revision in our organization and we have an ISMS scope policy, so we must define interfaces in the ISMS scope, but I don't know how to do it. Please guide me on this issue. Thanks
  • ISO27001 recertification to 2005 or 2013

    Hi Dejan, We are certified to ISO 27001:2005 and our certificate expires during December 2014. From the information we received it looked like we would need to certify to the 2013 version during the recertification audit because you can't be certified to 2005 after October 2013. However, I have recently been told that actually we can be certified to 2005 during our recertification audit in December 2014 because there is a two-year transition period once a new version of the standard is released. We can then be certified to 2013 during surveillance audits in 2015. Can you tell me which is correct? Thanks, Mark
  • Taking into account existing controls in the risk assessment

    We are well on the way with the risk assessment at the moment. There are a lot of controls that are already in place. We have assessed the risks as if we did not have the existing control and then again with the control. The question is, should we add the existing controls already to the risk assessment table, or only start thinking about those at the risk treatment table?
  • Linking the risk assessment with business continuity management

    I've read a lot about BCM but up till now I can't link the risk assessment step with business continuity management. To make it more clear: what if I bypass the risk assessment step in the BCM lifecycle, what is the adverse effect that will take place, or what will be the defect in my BCP?
  • Qualitative and/or Quantitative Risk Assessment

    Hi Dejan, I understand that we can use a qualitative or quantitative approach to the risk assessment; can we use both in the methodology? I.e. qualitative to define consequences, and quantitative to define likelihood? Regards, ys