ISO 27001 & 22301 - Expert Advice Community


  • How to start using the ISO 27001 / ISO 22301 Toolkit

    I have a first question. As objectives for our ISO 27001 certification, I added some details as follows: To implement the Information Security Management System in accordance with the ISO 27001 standard by June 30, 2022 at the latest. Achieving the ISO 27001 standard certification is a must to: (1) comply with many customers' requirements that purchase services through SaaS platforms (this is a business enabler); (2) protect our customers by minimizing the scope and potential impact of security threats: loss of data, sensitive data exposure. Is this a good practice to do so? Is it sufficient? As a SaaS provider, should I add more details and/or reasons? My second question is about a new location we'll add around February next year. Our goal is to get certified by end of June 2022. In February, we'll probably open a new sales office in the US. What would be the impact of opening this new site from an ISO 27001 certification standpoint?
  • Third Party Agreement with Cybersecurity clauses

    Yes, at the moment I am looking for a sample Third Party Agreement with cybersecurity clauses in it that needs to be embedded into each vendor contract. Do you have a copy of it, and can you share it with me?
  • Comparison between ISO 27001 Documentation Toolkit and the EU GDPR & ISO 27001 Integrated Documentation Toolkit

    Can you please advise if all documentation under the EU GDPR & ISO 27001 Integrated Documentation Toolkit covers the documentation under the ISO 27001 Documentation Toolkit, as I see that there are a few differences (e.g. Business Continuity - Disaster Recovery Plan) not part of the integrated version of the toolkit.
  • Can ISO 27001 and certification body be from any country?

    Can we get ISO 27001 from any part of the world, or only from the same country where the company is? Can the certification body be from any country?
  • Increasing the Scope of the ISO27001

    Hi Dejan and Rhand, thank you so much for always being there to answer our queries. Hopefully, other readers can also benefit from these questions. I have recently got the company I work for to re-certify for ISO 27001. Our scope is only for the UK office. However, when I did the work I ensured that everyone in the business was involved, for example in security awareness training. We are increasingly getting requests from clients who are asking us "whether you have plans to extend the ISO 27001 to include every office around the globe." In order to increase the scope, what would be the basic process needed? Any inputs would be much appreciated. I also have the Secure and Simple book written by Dejan; is there any particular chapter in there that may give me further guidance?
  • Questions about filling in the documents

    Question 1: Some of the links mentioned in the comments are no longer available; is there an update? Question 2: Some documents mention "[position]"; I would like to know the most advisable way to replace this variable. Should it be an existing position, even if that position covers several functions, or a position to be created that will temporarily be held by the same person? Question 3: How can I find out which laws are mandatory for my company/situation?
  • Doubt in filling in documents

    Good morning. We acquired the document kit for ISO 27001 and I have doubts about how to fill it out. How can I clarify these doubts? Doubt 1: Some of the links pointed out in the comments are no longer available; is there an update? Doubt 2: Some documents mention "[position]"; I would like to know the most advisable way to change this variable. Should it be an existing position, even if that position covers several functions, or a position to be created that will temporarily be occupied by the same person? Question 3: How can I find out which laws are mandatory for my company/situation?
  • Documents considered as next-level projects

    Hello Dejan, thank you for meeting with me on Friday. As you mentioned during the meeting, the following documents should be considered as next-level projects since they are not needed for our company. Am I correct in that assumption? 04.2_Cloud_Security_Policy_Cloud_EN.docx, 04.3_Policy_for_Data_Privacy_in_the_Cloud_Cloud_EN.docx. Furthermore, I would appreciate it if you could see the attached and tell me which step you mentioned is not applicable to us (if any).
  • Compliance review

    If you are performing a compliance review of a company that says it is ISO 27001 certified, what can you ask for to determine that it is certified and meets my company's security posture as a vendor? Can I obtain an audit report and Annex A?