I am working with companies as a consultant and helping them prepare policies they require for ISO27001 and ISAE3402 (also SOC1 and SOC2). I have also managed the audit process for my own business.
My question is: what can I do if I get certified that I can't do now? Secondly, do I have to get certified for all four (ISAE 3402, ISO 27001, SOC 1, SOC 2), or can I do one overarching certification that will apply to all? Also, what are the global bodies that accredit ISO certifications, and does that apply to Advisera?
Thanks for your help.
I would like to make an inquiry.
Which documents must necessarily be presented at an ISO 27001 certification audit, apart from the mandatory ISO 27001 policies and procedures?
For example: process map, ISMS manual, etc.
I need your feedback on dealing with business processes.
Do we limit ourselves to processes that have links with the information system, or do we treat other vital and commercial processes, such as the purchase of raw material, storage, etc., as processes excluded when defining the scope?
What is a policy statement?
Does ISO 27001 say that organizations have to understand internal and external issues, interested parties and their requirements when defining the ISMS scope? Is it correct to say "YES"? Or does the understanding have to take place BEFORE, and not DURING or WHEN?
At what stage can I start looking for a job after the course (Security Awareness training) and what role can I apply for?
Could you kindly give me an example of a risk and its corresponding residual risk, so that it can be made clear for myself?
I'm a little bit confused with some terminologies such as:
Could you please explain these terms giving some examples?
According to your calculator (Duration of ISO 27001 / ISO 22301 Implementation), we would need 8 months for ISMS or BCMS implementation. How long do you estimate if we implemented both at the same time? Would you recommend implementing the ISMS first and then the BCMS, or both at the same time in order to use as many synergies as possible?
I ask the same questions regarding ISO 27017 and 27018. Should these be implemented at the same time, or is it better to follow them up according to ISO 27001?
In my company, we want to establish ISO 27001 across the whole organization. We develop, establish, and support ERP solutions. The ERP uses some web services (microservices or APIs) from third parties, some of which are licensed and others free. Do these web services affect the ISMS scope?
Also, should we consider the risks of using the APIs in the risk assessment process (such as access control, malware analysis, monitoring, ...)?