ISMS metrics, from Product development perspective
Can you provide guidance or recommendations on how to develop ISMS metrics from a product development perspective?
Acceptance of ISO 27001 Lead Auditor certification in Europe and US
What is the acceptance of ISO 27001 Lead Auditor certification in Europe and the US?
Is there a specific legal basis in the European Union? If yes, what is the name of the legal act and the article number that serves as the legal basis? This is very important for me: for example, if I undergo training in your company and pass the exam, will it be respected in Europe, and how?
Are there legal barriers to accepting the ISO 27001 Lead Auditor certification, and if so, what are they?
I would ask for a concrete answer in order to better decide whether it is worthwhile to take the course and the exam with you in the above-mentioned scope.
Business Continuity Management
Could you please help me with the Business Impact Analysis for Business Continuity Management (Annex A.17) in the ISMS? As per ISMS requirements, we have updated the Business Continuity and Disaster Plan as below:
The planned alternate site is 10 kilometers away from the primary site. There is no server hardware or internet service available there at the moment.
The critical business processes (based on the Business Impact Analysis) specify a Recovery Time Objective of 24 hours for internet service. I would like to understand how to define this. How do we arrive at that number of hours?
Amendments to ISO 27001 Toolkit
Happy to announce my success in passing the ISO 27001 Lead Auditor Exam.
Now that I have had time to return to creating the 27001 Tool, I realise that the changes in the 2022 versions of both 27001 and 27002 may impact documents such as the SoA, applicable controls, etc.
Please be so kind as to advise whether the Tool will be upgraded to align with the changes and, if so, what the financial implications are for me, so that I may be assured my Tool is current.
Business Continuity Policy
I purchased the Business Continuity Policy [ISO 22301] hoping it would help me move faster in writing the BC Policy.
But when I read your BC Policy template's content, it is totally different from what is required by ISO 22301 and far from the recommendations of BCI experts.
Why does your BC Policy template not stick to ISO 22301 and BCI recommendations? I am a bit lost with your BC policy template, as I am missing the policy statement, definitions, compliance, consequences for non-compliance...
Your BC policy template is unclear.
ISO 27001 / Conformio questions
1. How should we treat the risk assessment process? Should we consider all the risks within our company and go over a bit, or should we be more conservative? For example, should we consider our CEO being on leave as a risk while doing the risk assessment?
2. In terms of the SoA, should we mark all the controls as applicable? How should we approach this?
Role of CISO
Is the CISO responsible for physical data/information on paper as well as for digital information?
Security concepts
I am a PhD researcher and I am looking for useful security concepts for my research. I want to know which ISO standard you think could be useful as a basis for finding useful security concepts. My research aims to provide a framework that helps organizations identify security concepts at the governance and management levels. I am hesitating between ISO 27000, ISO 27001 and ISO 27014.
I would appreciate your help in this regard!