Advise on Project timelines for ISO 27001 Certification
1 - Our ISO 27K implementation project is on track to complete the documentation phase by the end of March. The plan after that is to have all Control records and evidence in place for an Internal Audit by April 22nd. Thereafter (all being well) the plan is to engage with an external Auditor to commence the external Audit process on June 15th, with an aim to be certified by June 30th.
The question I have is, are these dates realistic?
2 - My second question relates to Major nonconformities. As I understand it, if the Audit finds a major nonconformity we have 3 months to correct it. Is this a fix period, as in we can only move the audit process forward until the 3 months have elapsed, or does it restart after we have resubmitted the evidence that proves we have corrected it?
Implementation of ISO-27001
I have a question regarding the implementation of ISO-27001. To what extent should the ISMS consider the actions and decisions of the sole owner of an organization? This person supports the implementation of the ISMS and complies with all arranged security practices. However, he/she could theoretically decide to bypass any security controls or simply stop financing the company at any time and no ISMS or business continuity plan could stop that from happening, given that employees don't have the authority to enforce rules or impose disciplinary action. Hence my question, should any of these rules or unlikely scenarios be contemplated at all?
Video of A17 (ISO 27001 lead implementer course)
The last sentence of A17 is: “this is also called IT disaster recovery”. To what does this refer? To point 4 only, or to the entire section of A17?
ISO 27001 / ISO 27002 Update
I spoke to the Company’s Quality Team Lead and she mentioned that ISO has issued a new version of ISO 27001. Please confirm whether these documents would satisfy the requirements for the new version of ISO 27001.
Risk Assessment - Must Risk Assessments include business processes and activities?
Hi
As the subject says, may I carry out Risk Assessments on a per-business-system or IT-asset-group basis, or must I also include business processes and activities?
Thanks
Lee
ISO 27001 certifications
We are at the very beginning of thinking about 27001 certification. We are learning about the standard. If we go further, we will have to surround ourselves with people who are ISO 27001 certified.
So, my questions:
1. Is it worth it for me to obtain the ISO 27001 Foundations certification? I would like to get it in April 2022.
2. Are “Lead Implementer” and “Lead Auditor” certifications still adequate?
Question regarding ISO Process
Is the best step forward now to try to map the risks against the SOA and hand out responsibilities for controls?
Or should we instead focus on the risk treatment for our "red" risks?
Question about ISO22301 template
1 - I am looking for an example of a process dependency matrix.
2 - I am also busy with a very big client's BCP. Being a power station, they have quite a few emergency, evacuation and other plans (SHE, Fire). How does one integrate these into the BCP, and how do I link this to the Incident management process?
Software Password Storage
Hi Guys
Regarding Software Assets, we have identified a risk that if the passwords/keys for the software are misplaced, we will no longer be able to use that asset.
The control we have implemented is to store all such passwords/keys in a password safe.
My question is which document should this control be recorded in?
The “Password Policy” document seems to be focused solely on user passwords, not software/keys.
Clause 4.3: ISMS scope
Good morning. I have a question about clause 4.3: ISMS scope. I described as the scope that all data needs to be secured. I find this logical because it is the goal of ISO 27001. My question is which angle to take when making the scope precise.