Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Benefit of perfoming BIA for a single department
Could you please tell me the benefit of performing BIA for single department using documentation template? I'm trying to perform BIA for all department but some area cannot be covered in the new sheet. -
Statement of Applicability/Annex A Documents
Currently I am working on the Statement_of_Applicability document to properly fill out the different sections, and more specifically A.15 Supplier relationships area. In the Scope document, we specifically excluded suppliers for the initial certification process, but we fully intend to revist that process at a later date. Knowing that "Suppliers" are excluded from the scope, how would we specifically approach Internet Service Provider, Firewall Management Vendor, service agreement vendors, point to point network connectivity services to our DR and satelite office in another city? Would we exclude these external services/outsourced processes, or include them but specifically include the particular vendors for Information Services, as this is our main focus for the initial certification. Suppliers to a container shipping company, such as ourselves, would include any equipment, supplies, maintenance products for our vessels and offices aquisitioned through our co rporate purchasing department or overseas in various ports around the world, so I wanted to see if and where would be the line drawn in the preverbial "sand". Thanks in advance for the assistance. -
List of legal regulatory and contractual requirements
List of legal regulatory and contractual requirements, should be for all organization or just security function? Or IT AND SECURITY? -
Risk identification
Hello, When identifying risks, do we have to take into account those risks that are obvious and are already solved? Like for example: - electricity cut, if the organization has already a generator and it enters in activity automatically? - disk back up if it connects automatically? - internet cut, if we have a two providers and when one has problems we use the other one? -
Steering committes for a smaller company
Is it ok to combine the ismc (info sec mgmt committee) with the itsc (IT steering committee) in one doc as the company is small? -
7 2 2 labeling and handling
Dear dejan, for the documents and the assets (laptops, printers faxes etc) have to be labeled physically ? I mean do I have to type a label and stick on the assets that they are confidential? Thank you so much for your guidence -
Criteria of IT company ISO certification
Can you tell me the criteria of IT company ISO certification. -
General impacts
Hello Dejan, The perspectives (reputation, client´s reaction, backlog,etc) in the BIA questionnaire (section 3) have the same weight? I mean, let´s suppose that i have high impact at 4 hours to "How difficult will it be to catch up on the backlog of work", but to the others i have only marginal or acceptable impact. It´s enough to identify MTPD? -
RTO for IT System
Hello Dejan, If i have a system (ex: SAP) that support two process with different RTO, how i can define which RTO is applicable to my system? I need identify the criticality of my process first? -
ISO training evidence
Are there any templates for ISO Training evidences which we have to show to the Auditor in stage 2?