I am currently implementing the ISO 27000:2005 ISMS and hope to certify in June or July of 2014. Can I do it with the 2005 version, or do I have to do it with the 2013 version? Why, in that case, would I have to make the transition?
BIA questionnaire
Hello Dejan,
What's the objective of the "Time after which the resource is necessary" in part 2 (Resources required for recovery)?
How to implement all policies and procedures for stage 2
I've received this question:
We have passed Stage 1. Could you please suggest how to implement all policies and procedures for Stage 2, and what exactly do they check at Stage 2?
Answer: At the Stage 2 audit, the certification auditors will check whether you really operate according to your policies and procedures - so, for example, if you have written that you will perform a backup every 2 hours, then the auditor will check whether this is really done.
So the answer to your question is: you have to observe all the rules you have documented.
Change in risk assessment methodology in ISO 27001:2013
In the new ISMS Standard, is there any change in the methodology of calculating Risk to be adopted?
Process approach in ISO 27001:2013
ISO 27001:2013 is said to no longer use the process approach. Based on that, does it mean that the ISMS has to apply to the whole organization, or can I continue implementing an ISMS for a specific company process as long as I define (as should always be done) the scope where it will be deployed?
Reasonable prices for ISO 27001:2013 and ISO 27002:2013?
I saw on the ISO website that these two standards have been published. Could you please tell me where I can purchase or receive copies for my personal reference at reasonable prices? ISO offers them at exorbitant prices.
How specifically is this list used? I am having a difficult time trying to ascertain what should be listed.
IS Incident Management Procedures
Hi Dejan,
I am currently drafting some ISO 27001 mandatory procedures.
Regarding the Information Security Incident Management Procedures, I have noticed that there are 3 procedures:
- Reporting IS weaknesses & events
- Responding to IS reports
- Collection of evidence
Can I describe all these procedures in one general procedure, "Information Security Incident Management Procedure", or should I build each procedure separately? Which is the most convenient?
Thanks in advance
ISO 27001 Lead Auditor training
I am planning to go for an ISO 27001 course, and I need some help with it. When I searched for a training center, some training centers were IRCA certified and some were TUV accredited. So I am just confused about which one to prefer.
9001 & 27001
Dear Dejan
If a company already has 9001, should I add any comment to the quality policy about 27001?
And which documents will be related? By the way, I have already read your great article about 9001 and 27001, but some subjects are still vague for me.
Thank you for your great support