How can I contact the appropriate consultancy to certify my organization in ISO 27001, or what can I do to be able to certify myself in ISO 27701?
Asset to Vulnerability Error
Hello. How am I able to add the person responsible for the nonconformity in the Conformio wizard for the Procedure for Nonconformities and Corrective Actions?
BIA - The time after which the resource is needed
Hello,
I hope you are doing well. My question is about resource availability during a business impact analysis.
I based my BIA analysis on the Advisera form. In connection with the audit, there was confusion in the context of defining the "time after which the resource is necessary". How should this field be understood? As an example: the MAO time for an activity is 24 hours. The assumed RTO time is 12 h. Resources needed for restoration are: 3 people, 1 key system, telecommunication links. By "immediately", do we mean immediately after the incident occurs, or after the activity has been recovered, or do we assume the time we give the employees to react/start the activity?
Register of Requirements
1 - Quick question, why is there no ability to have people review the register of requirements like there are for the other documents?
2 - Also, same issue with permissions again. Only one person can work on this doc at a time.
Document handling in Conformio
The process around “Documents of external origin” seems a bit out of date. In practice we need to go out and find these documents on the internet, and also our organisation is 95% remote working. Documents relating to ISO 27000 are very unlikely to physically arrive to our office. We would prefer to fully rewrite this process.
Document references
We are currently working on a certification for TISAX and are using your documents. We are at the point:
To what extent are event logs recorded and analyzed?
The reference documents: Reference to ISO 27001: A.12.4.1, A.12.4.2, A.12.4.3
Unfortunately, these documents are not included in our package. Are there any documents for this?
The same applies to the documents:
Reference to ISO 27001: A.12.6
Reference to ISO 27001: A.12.7, A.18.2.3
Excited for your feedback
Info about SoA document
Quick question about the "Justification for selection/non-selection" column:
I watched the video, and the examples say that there must always be a risk or regulatory reason; couldn't it also be a requirement of the business or of ISO itself?
For example, could A.5.1.1 be a business requirement to improve market position?
Some wondering on the use of the risk management registry
Hello,
In the asset list, we found "remote employee", and in the vulnerabilities, we found "working off-premises". We want to make sure we correctly understand the difference between the two concepts. Currently we understand:
- "remote employees" as employees usually working not at the headquarters but at a different site owned by the organization (let's say an affiliate elsewhere in Europe), using the organization's infrastructure (PC, tools, network, security...)
- "working off-premises" as an employee working at a site that does not belong to the organization (let's say working at home or at a customer site) but using the organization's infrastructure, at least partially (let's say the organization's PC but the home or customer's network access)
Is that correct?
We also found that sometimes the vulnerabilities, threat evaluation and treatment are exactly the same for several assets (e.g. "rules for working off-premises not clearly defined" will have the same threats, evaluation and treatment for all kinds of employees: top management, middle management, specific experts, remote or other). How can we best manage this to avoid costly redundancies?
List of key roles of the organization for the realization and implementation of ISO 22301
Do you have the list of key roles of the organization for the realization and implementation of ISO 22301?