Comparison between ISO 27001 Documentation Toolkit and the EU GDPR & ISO 27001 Integrated Documentation Toolkit
Can you please advise whether all the documentation under the EU GDPR & ISO 27001 Integrated Documentation Toolkit covers the documentation under the ISO 27001 Documentation Toolkit? I see that there are a few differences (e.g. the Business Continuity - Disaster Recovery Plan is not part of the integrated version of the toolkit).
Can ISO 27001 and certification body be from any country?
Can we get ISO 27001 certification from any part of the world, or only from the same country where the company is located? Can the certification body be from any country?
Increasing the Scope of the ISO27001
Hi Dejan and Rhand, thank you so much for always being there to answer our queries. Hopefully, other readers can also benefit from these questions. I have recently got the company I work for to re-certify for ISO27001. Our scope is only for the UK office.
However, when I did the work I ensured that everyone in the business was involved, for example in security awareness training. We are increasingly getting requests from clients who are asking us "whether you have plans to extend the ISO 27001 certification to include every office around the globe." In order to increase the scope, what would be the basic process needed? Any input would be much appreciated. I also have the Secure and Simple book written by Dejan; is there any particular chapter in there that may give me further guidance?
Doubt about filling in the documents
Doubt 1: Some of the links mentioned in the comments are no longer available; is there an update?
Doubt 2: Some documents refer to "[position]"; I would like to know the most advisable way to replace this variable. Should it be an existing position, even if that position spans several functions, or a position to be created that will temporarily be held by the same person?
Doubt 3: How can I find out which laws are mandatory for my company/situation?
Doubt in filling in documents
Good morning,
We acquired the document kit for ISO 27001 and I have doubts about how to fill it out. How can I clarify these doubts?
Doubt 1: Some of the links pointed out in the comments are no longer available; is there an update?
Doubt 2: Some documents mention "[position]"; I would like to know the most advisable way to change this variable. Should it be an existing position, even if that position spans several functions, or a position to be created that will temporarily be occupied by the same person?
Doubt 3: How can I find out which laws are mandatory for my company/situation?
Documents considered as next-level projects
Hello Dejan,
Thank you for meeting with me on Friday.
As you mentioned during the meeting, the following documents should be considered as next-level projects since they are not needed for our company. Am I correct in that assumption?
04.2_Cloud_Security_Policy_Cloud_EN.docx
04.3_Policy_for_Data_Privacy_in_the_Cloud_Cloud_EN.docx
Furthermore, I would appreciate it if you could look at the attachment and tell me which step you mentioned is not applicable to us (if any).
Compliance review
If you are performing a compliance review of a company that says it is ISO 27001 certified, what can you ask for to determine whether it is certified and meets my company's security posture requirements as a vendor? Can I obtain the audit report and Annex A?
Combining the ISO 27001 policies into one manual
Hi Dejan, I hope you are well. I have been requested by one of my seniors to combine all of the ISO 27001 policies into one manual handbook. I was wondering whether this practice is a good idea? Also, if it's OK to do, how does this apply to version control and review, etc.?
As always you and your team’s advice is highly respected and regarded.
Review
Good evening,
The inspector who will carry out the audit asked us for the following documents:
Organization chart,
Integrated System Manual (or equivalent),
Information security policy,
Context analysis,
Applicability statement,
Risk analysis,
Asset List,
Continuity Plan,
Disaster Recovery,
Last Management Review,
Internal Audit Results and Reports.
Do you have any information on the documents they have requested from us that are not present in the kit?