We are currently working on a certification for TISAX and are using your documents. We are at the point:
To what extent are event logs recorded and analyzed?
The reference documents: Reference to ISO 27001: A.12.4.1, A.12.4.2, A.12.4.3
Unfortunately, these documents are not included in our package. Are there any documents for this?
The same applies to the documents:
Reference to ISO 27001: A.12.6
Reference to ISO 27001: A.12.7, A.18.2.3
Excited for your feedback.
Info about SoA document
Quick question about the "Justification for selection/non-selection" column:
I watched the video, and the examples say that there must always be a risk or regulatory reason, couldn't it also be a requirement of the business or ISO itself?
For example, could A.5.1.1 be a business requirement to improve market position?
Some wondering about the use of the risk management registry
Hello,
In the asset list, we found "remote employee" and in the vulnerabilities, we found "working off-premises", and we want to make sure of the correct understanding and the difference between the two concepts. Currently we understand:
- "remote employees" as employees usually working not in the headquarters but in a different site owned by the organization (let's say an affiliate elsewhere in Europe) using the organization's infrastructure (PC, tools, network, security...)
- "working off-premises" as an employee working on a site that does not belong to the organization (let's say working at home or on a customer site) but using the organization's infrastructure, at least partially (let's say the organization's PC but the home or customer's network access)
Is that correct?
We also found that sometimes vulnerabilities, threat evaluation and treatment are exactly the same for several assets (e.g. "rules for working off-premises not clearly defined" will have the same threats, evaluation and treatment for all kinds of employees: top management, middle management, specific experts, remote or other). How to manage this the best way to avoid costly redundancies?
List of key roles of the organization for the realization and implementation of ISO 22301
Do you have the list of key roles of the organization for the realization and implementation of ISO 22301?
Request for clarification on assessment report
A slightly related question to the article I am reading on your web site (List of mandatory documents required by ISO 27001 (2013 revision)) - Is it reasonable to request the assessment report and the treatment plan from a vendor during a vendor risk assessment?
ISO 27001 / TISAX certification
I’m supporting an ISO 27001/TISAX certification.
Right now we are unsure about a very specific problem: we need a precise definition for "sensitive work fields and positions" so we can identify these and implement them according to security regulations.
Thank you for your help.
The best tool for risk management
What is the best tool for risk management?
What ISO directive requires surveillance audit?
What ISO directive requires surveillance audit? I am interested in 27001 especially.
How to start using the ISO 27001 / ISO 22301 Toolkit
I have a first question.
As objectives for our ISO 27001 certification, I added some details as follows:
To implement the Information Security Management System in accordance with the ISO 27001 standard by June 30, 2022 at the latest.
Achieving the ISO 27001 standard certification is a must to:
- Comply with many customers' requirements that purchase services through SaaS platforms. This is a business enabler;
- Protect our customers by minimizing the scope and potential impact of security threats:
  - Loss of data
  - Sensitive data exposure
Is this a good practice to do so? Is it sufficient?
As a SaaS provider, should I add more details and/or reasons?
My second question is about a new location we'll add around February next year.
Our goal is to get certified by end of June 2022.
In February, we'll probably open a new sales office in the US.
What would be the impact of opening this new site from an ISO 27001 certification standpoint?
Third Party Agreement with Cybersecurity clauses
Yes, at the moment I am looking for a sample Third Party Agreement with Cybersecurity clauses in it that needs to be embedded into each vendor contract. Do you have a copy of it, and can you share it with me?