ISO 27001 & 22301 - Expert Advice Community

  • Applicable legislation control in ISO 27001

    Do we need to identify only legal requirements related to information security, or all the applicable laws and regulations (including HR, environment ... etc.)?
  • How will we evaluate the deliverables of the consultant?

    My organization is currently in the process of selecting a consultant for developing the following: BIA, RA, BC strategy, and BCP. Implementation, training and testing will be done by ourselves.
  • Use old ISO 27001:2005 format for assessing the risks

    Has the VAPT, risk analysis, or risk treatment method been changed, or is it the same as in 2005? Can I use the old format to assess the asset register, or do I have to change it? Kindly provide me a guideline.
  • Competences for business continuity specialists

    In our company we have already implemented and certified ISO 14001 and OHSAS 18001, and there are certain requirements within the assurance process for the competence of the people, like Awareness, Knowledge and Skill levels (this is how we apply the process for HSE competencies). So, I wondered if there are any requirements already available for business continuity specialists.
  • Responsibility for classifying the assets

    I have a question about asset inventory: who is responsible for establishing and assigning the owner of an asset? And, in my company, the assets/information classification is:
  • Information Systems Audit Control

    I would like to know exactly how to implement control 15.3.1 of ISO 27001 (Information systems audit controls). Is it about logging users' activities on systems? Thanks in advance.
  • Information security policy - including references to clauses of ISO 27001 stand

    Shouldn't I include subsections/references regarding the clauses in the 27001 standard (i.e. chap. 4 - 10 and Annex A) in the Information Security Policy that is included in the package? Otherwise how do I ensure that IS policy, as an umbrella policy, covers all IS aspects?
  • What types of evidence are normally obtained for each of the controls

    I’ve watched several of your webinars, which I have found very helpful, and I have a question for you. I’m working on doing an assessment of our current ISMS and I’m trying to find what questions to ask and what types of evidence are normally obtained for each of the controls. Some of the controls are very straightforward, but some of them are somewhat vague, so I’m looking to find some guidance. For example, control A.12.1.1 regarding documented operating procedures I feel could be interpreted several different ways. I looked on your website and could not locate any guidance on performing an assessment of these controls. Do you have any suggestions on where you think I could find this guidance?
  • Who writes the Statement of Applicability?

    Now I'm in the Statement of Applicability, but I have some doubts about it. For example, who has to fill in the information in the SoA: the CISO or the departments involved? For example, for the controls of item A.7 Human Resource Security, is it the Human Resources Department? And is it necessary to establish the maturity level of those controls?
  • Glossary of Terms about BCP

    I want to know where I can find a list of terms ... as a glossary for training?