ISO 27001 & 22301 - Expert Advice Community

  • Report on selection of software technology

    In one of the documents I am working on for one project, I am asked for a report on the selection of software technology. Are you familiar with such a report under another name, or can it be agreed arbitrarily?
  • Questions about laws and regulations

    Regarding the Laws and regulations page on your site https://advisera.com/27001academy/knowledgebase/laws-regulations-information-security-business-continuity/ 1. Is the information updated? Can we use it as it is? We operate in the USA, Germany, China, also a bit in Spain, and England. 2. Is this list valid for both the control A.18.1 Compliance with legal and contractual requirements and clause 4.2 Understanding the needs and expectations of interested parties? Or, what is the difference?
  • Conformio - Bring your own device policy

    When thinking about this policy we have a company rule that only company laptops can be used for professional purposes. However, how should we treat personal mobile phones? They are not in the company network so do we include them also in the scope of the BYOD policy in Conformio?
  • Template for guideline for testing and controlling measures for protection of information security

    In my role as a CISO I am looking for a template for a guideline for testing and controlling the measures for the protection of information security which the German BaFin has set out in chapter 4.4 of the BAIT. Do you have a template that I can use as a guideline?
  • Data center questions

    1 - Can we get a certificate for an empty data center? I mean that the data center is now empty without any IT equipment. The equipment will be connected later, after we certify. 2 - And what are the data center dependencies if my ISO scope is going to be a datacenter only?
  • Toolkit content - A.6.1

    Where is A.6.1 Internal organization? Is it covered in your document pack? I cannot find it.
  • Context of the Organization, where is this in Conformio?

    Where in Conformio are clauses 4.1, 4.2 and 4.3 addressed? We completed stage 1 a few weeks ago and the auditor listed this critical finding: "Cl. 4.0 Context of the Organization is not determined". We are scheduled for stage 2 in 1 week, and need to find/create this document fast.
  • Corporate use of Conformio

    Thank you for the following… I’m already testing the 30-day trial of the Conformio platform, and it looks very interesting! I have one question related to the corporate use of Conformio. I work in a mid-size company that has 2 different business units. If I want to implement ISO 27001 for both business units on different timelines, do I need to purchase 2 licenses of Conformio, or can I manage the ISO 27001 implementation for both with just one license? For example, one this year and the other in 2023? Those B.U. are not different companies, but they have different structures, with different IT departments for example, and different interested parties for the ISO 27001 certification accomplishment.
  • SoA - controls

    When the status of a control says "Planned" and there is no document but only a task there, does this mean we need to develop our own policy? For example, control A 6.1.2. has the status "Planned", however the implementation method is a task and there are no documents: https://i.imgur.com/5Smc3Fu.png How do I cover this and controls with similar status? Do I need to develop my own policies in that case?