How much time does an organization need to implement ISO 27001 after a Lead Implementer workshop?
1. To meet the ISO requirements for Operations Security and Information Security Incident Management, is the implementation of a cybersecurity tool necessary?
2. How much history of “records” is needed to show the auditor evidence of newly formed operational processes?
3. Typically, once the ISMS prep is completed, how long after can a company get certified?
4. Typically, for a small company (fewer than 20 employees, 5 sites), how long does an ISMS project take?
5. What are some examples of information assets for the asset inventory of a small company?
I'm looking for certification bodies for ISO 27001. PwC is one, but I am looking for two more to get quotes from. Preferably located in ***. Any suggestions?
1. What is the role of the lead auditor and lead implementer in ISO processes?
2. Why should an organization have such persons?
How to Perform Risk Assessment
Greetings. I am doing my risk assessment and I have some doubts about it.
For example, one of my assets is the server, and there are several threats to it, e.g. fire, flood, etc. If I have already reduced those threats by installing a fire-suppression system, alarms, extinguishers, an isolated room, etc., do I have to include them in my assessment, and then assign them a value that results in acceptable or unacceptable? Or is the risk assessment done with what is already implemented?
1 - Are the documents covered by the document control policy only security-related ones (e.g. regulations), or any company document?
2 - Is there a clear definition of external documents? The concept seems nebulous. Maybe a sample policy we can look at, with some examples of what other organizations do, would help.
3 - For example, an email is an external document, so under this policy would someone be tasked with archiving emails somewhere?
Do you know when the standard is due for revision, so I can be a little better prepared?
Is ISO 27002 part of ISO 27001?
Sir, I need the risks that arise from working with fiber optic cable.