1. Hi, my company purchased templates from you for 22301. As I look through some of the docs I'm seeing some discrepancy in how documents are named and referenced (eg, Business Continuity Management Policy v Business Continuity Policy).
2. I have a question on the "Risk Treatment Plan": according to 03.1, this document template should be in the 04 Toolkit Folder, but I do not see it in our package. Is this Plan just another title for the Methodology, or am I missing a document template? Thank you for your help!
03.1 Business Continuity Policy refers in Paragraph 3.3 to a Risk Treatment Plan, which I don’t see elsewhere in your list of documents. Is this the same as one of the documents in the 04 Risk Assessment and Treatment folder?
Extended controls documentation
I can’t find the ISO-27018 Extended controls documentation. Kindly get me the information
Business Impact Analysis Methodology
Yes, I already have the first question:
In section 2.5 Amount of work, its text is not really clear.
Would you please elucidate about what is meant with "... the periods with highest workload peaks are identified, and the minimum business continuity objective is determined"?
Microsoft tools for compliance
I have a question regarding Microsoft tools for compliance. My IT-department says this tool/software should be enough when implementing ISO 27001. I don’t think so, but I need good arguments to meet their point of views. Maybe You can help me.
My question is if it is enough with the tool from Microsoft (Microsoft Compliance) when implementing an ISMS according to ISO 27001.
My IT department thinks it should be enough with checking compliance by using this tool. That's why I am currently not able to buy tools from Advisera and other suppliers. I think it is not enough because building an ISMS is more than checking compliance by means of this tool (MS Compliance).
What is your point of view here?
ISO 27001 certification
Como puedo contactar con la consultoría adecuada para certificar mi organización en ISO 27001, o que puedo hacer para poder certificarme en ISO 27701?
How can I contact the appropriate consultancy to certify my organization in ISO 27001, or what can I do to be able to certify myself in ISO 27701?
Asset to Vulnerability Error
Hello. How am I Able to add the Person Responsible for The Nonconformity in Conformio Wizard for the Procedure for Nonconformities and Corrective Actions?
BIA - The time after which the resource is needed
I hope you are doing well. My question is about resource availability during a business impact analysis.
I based my BIA analysis on the Advisera form. In connection with the audit, there was confusion in the context of defining the "time after which the resource is necessary". How should this field be understood? As an example: the MAO time for an activity is 24 hours. The assumed RTO time is 12h. Resources needed for restoration are: 3 people, 1 key system, telecommunication links. By "immediately" do we mean immediately after the incident occurs, or after the activity has been recovered, or do we assume the time we give the employees to react/start the activity.
Risk register versus Statement of Applicability - number of controls
I work with a small company and we've just completed RR. This took us to the SoA. I can see 54 controls to address. My gut feeling is that this is not enough to achieve the certification. What are your thoughts/experiences here, please?
Register of Requirements
1 - Quick question, why is there no ability to have people review the register of requirements like there are for the other documents?
2 - Also, same issue with permissions again. Only one person can work on this doc at a time.
Document handling in Conformio
The process around “Documents of external origin” seems a bit out of date. In practice we need to go out and find these documents on the internet, and also our organisation is 95% remote working. Documents relating to ISO 27000 are very unlikely to physically arrive to our office. We would prefer to fully rewrite this process.