ISO 27001 & 22301 - Expert Advice Community

  • A.15 Control section

    I have a question about A.15: why does Y2005 call it Third parties but Y.2013 call it supplier?
  • Naming of ISO 27001 Annex

    Why do ISO 27001 domains start from Annex A.5, but not A.1? Is there any specific reason, or are there any other unused/old domains?
  • Question regarding ISO 27001 Lead Auditor training & Certification

    I hope you are doing well and preparing for the holiday season. You might recall that I completed the Advisera ISO 27001 Lead Auditor Training and Exam in January 2019. I would appreciate it if you could clarify whether Advisera’s Exemplar Global Certificate along with auditing experience is comparable to the ISO 27001 Lead Auditor training and certification offered by organizations such as PECB. Thank you!
  • Lead Auditor Exam

    Good morning Dejan, I trust this mail finds you well. Please provide me clarity with regards to Section 6.1 in your book ISO 27001 Audit, with reference to the “5 Day Training” required to write the Lead Auditor Exam to obtain the Certificate. Does this mean that the “On-Line Course” provided by Advisera is not sufficient, and that I shall have to enroll with a Training Institution for Classroom Instruction? Look forward to your valued response.
  • Controls A.17.1

    1 - How to define the information security controls within the activities of the continuity plan? I do not understand whether it is necessary to define in each activity how the security of the information would be ensured, or to have a general section in the continuity plan where it is mentioned that the information security controls established in the production environments are applied in all activities. 2 - Additionally, how is it proven that there are information security controls in the continuity plan?
  • Statement of Applicability in Conformio

    Thank you very much for this information! I tested and now it works. So the issue is indeed solved. However, I have one question about this task: https://i.imgur.com/9HOO8uw.png I don’t seem to find the correct place to store such information. Could you please advise where such tasks should be handled? Outside Conformio? By creating some specific document? Or is there a place inside Conformio that I can’t find?
  • Question about software

    While downloading software, a hash may be provided to do what? I just need to know if it is a genuine number or correct file path? I am not sure.
  • What does it mean to have security classification in a document?

    Want to know what it means to have security classification in a document.
  • Conformio - Justification in SoA

    In the statement of Applicability, I can see preselected controls based on the risks. I’m adding additional controls as well. There is a ‘justification’ box here. Is it mandatory to type why I’m adding these extra controls?
  • Project Plan for ISMS Implementation

    Using your toolkit, I am preparing our Project Plan for ISMS Implementation. I saw sometimes a consultant's title changed to "Mentor" in the videos for our toolkit, can you explain why? How are they different? In addition, where can we find a mentor?