Hi Dejan and team, I purchased the ISO 27001 Document set a while ago. Am I entitled to a discounted upgrade to the new 2013 templates? This is presuming that you have updated the templates.
Which is first - BIA or risk assessment?
I've got a question about the order between BIA and RIA: what is the correct order? In DRII it is the RIA process and then BIA, but I had read in other organizations that it is BIA first and then RIA.
Address change after certification
Dear Dejan,
What if a company gets the certification and relocates after two months?
Do we have to inspect again, or is just paperwork enough?
And my second question is:
For a server room, I advised my client to have a digital lock on the server room, but they are planning to move in 3 months. Is it OK if the IT manager keeps the server room key and keeps logs and signatures for key use?
Corporate information security policy
If there is a corporate information security policy, what sort of information should be added into this policy so that it can comply with the 2013 ISO standard?
Excluding secure development from Statement of Applicability
If we don't have any development activities in our org, then secure development is not applicable and a secure development policy accordingly is not needed. So what should I put in the SoA as existing controls for controls number
Documenting the record control
In my opinion, in addition to the four documented procedures which you had mentioned, an organization shall document and implement controls needed for the identification, storage, protection, retrieval, retention and disposition of records. While elaborating the controls, it will become mandatory to document the activities, responsibility, authority, time frame, etc. Eventually it results in documenting and implementing a procedure for control of records.
Is the latest 2013 revision of ISO 27001 finalized?
Can you please tell me if the latest revision of the standard is finalised? If yes, then should a company who wishes to implement an ISMS follow the latest revision, i.e. ISO 27001:2013, or the old one?
4 questions related to ISMS
1) Is the ISMS Manual required for the certification? Can you add clauses for the ISMS in the existing IMS Manual?
Performing risk assessment for both ISO 27001 and ISO 22301
How can I perform risk assessment for ISO 27001 and ISO 22301? Should I perform these separately?
Responsibility for identification of requirements
About "Procedure for Identification of Requirements": who in small companies is usually responsible for identification of requirements and interested parties - the COO, the CISO, or someone else?