ISO 27001 & 22301 - Expert Advice Community

  • Request for clarification on assessment report

    A slightly related question to the article I am reading on your web site (List of mandatory documents required by ISO 27001 (2013 revision)) - Is it reasonable to request the assessment report and the treatment plan from a vendor during a vendor risk assessment?
  • ISO 27001 / TISAX certification

    I’m supporting an ISO 27001/TISAX certification. Right now we are unsure about a very specific problem: We need a precise definition for “sensitive work fields and positions” so we can identify these and implement them according to security regulations. Thank you for your help.
  • The best tool for risk management

    What is the best tool for risk management?
  • What ISO directive requires surveillance audit?

    What ISO directive requires surveillance audit? I am interested in 27001 especially.
  • How to start using the ISO 27001 / ISO 22301 Toolkit

    I have a first question. As objectives for our ISO 27001 certification, I added some details as follows:

    To implement the Information Security Management System in accordance with the ISO 27001 standard by June 30, 2022 at the latest. Achieving the ISO 27001 standard certification is a must to:

      · Comply with many customers’ requirements that purchase services through SaaS platforms. This is a business enabler;
      · Protect our customers by minimizing the scope and potential impact of security threats:
          o Loss of data
          o Sensitive data exposure

    Is this a good practice to do so? Is it sufficient? As a SaaS provider, should I add more details and/or reasons?

    My second question is about a new location we'll add around February next year. Our goal is to get certified by end of June 2022. In February, we'll probably open a new sales office in the US. What would be the impact of opening this new site from an ISO 27001 certification standpoint?
  • Third Party Agreement with Cybersecurity clauses

    Yes, at the moment I am looking for a sample Third Party Agreement with cybersecurity clauses in it that needs to be embedded into each vendor contract. Do you have a copy of it and can you share it with me?
  • Comparison between ISO 27001 Documentation Toolkit and the EU GDPR & ISO 27001 Integrated Documentation Toolkit

    Can you please advise if all documentation under the EU GDPR & ISO 27001 Integrated Documentation Toolkit covers the documentation under ISO 27001 Documentation Toolkit documentation, as I see that there are a few differences (e.g. Business Continuity - Disaster Recovery Plan) not part of the integrated version toolkit?
  • Can ISO 27001 and certification body be from any country?

    Can we get ISO27001 from any part of the world or from the same country where the company is? Can the certification body be from any country?
  • Increasing the Scope of the ISO27001

    Hi Dejan and Rhand, thank you so much for always being there to answer our queries. Hopefully, other readers can also benefit from these questions. I have recently got the company I work for to re-certify for ISO27001. Our scope is only for the UK office. However, when I did the work I ensured that everyone in the business was involved, for example in security awareness training. We are increasingly getting requests from clients who are asking us “whether you have plans to extend the ISO27001 to include every office around the globe”. In order to increase the scope, what would be the basic process needed? Any inputs would be much appreciated. I also have the Secure and Simple book written by Dejan; is there any particular chapter in there that may give me further guidance?
  • Question about filling in the documents

    Question 1: Some links pointed to in the comments are no longer available; is there an update? Question 2: Some documents mention “[job title]”; I would like to know the most advisable way to change this variable. Should it be replaced with an existing job title, even if that job title covers several functions, or filled in with a job title that is yet to be created but will be held by the same person in the interim? Question 3: How can I know which legislation is mandatory for my company/situation?