Some time ago, non-conformities were evidenced due to an external audit. I would like to know if, with the tools available, it would be possible to have the elements to respond to these non-conformities and also to face other audits.
Thank you for the information provided; we have some questions.
1.- Is there any difference between ISO 27001:2013 and ISO 27001:2014? We understood that 2014 was the most current version. We wanted to base our implementation on 2014.
2.- Within our process we are currently in the Diagnosis stage, to see the critical factors within the processes. Which templates would be most advisable to use for this stage?
3.- Once the Diagnosis part is finished, our next stage was to carry out the implementation of the ISMS, indicating the necessary controls and monitoring. In this regard, is there any recommendation on which template to start the implementation part with?
We would greatly appreciate any suggestion, or an indication of which information to review in more depth so that we can find our way better.
Does ISO 27001 give any recommendations or rules to be respected on the usage of documents based on their level of classification? For example: a document classified as confidential, is it permitted to be saved on a public cloud, and under which conditions?
We are contacting you regarding a request we have: the auditor is asking about this point, 7.4 Communication, in the ISO norm. We bought the templates from you, but the templates do not include this point. Could you please provide a template for this point 7.4?
7.4 Communication
The organization shall determine the need for internal and external communications relevant to the information security management system including:
a) on what to communicate;
b) when to communicate;
c) with whom to communicate;
d) who shall communicate; and
e) the processes by which communication shall be effected.
Hi, can I add a new control to the SoA after certification and before the surveillance audit?
I am hoping to offer a service to UK/European organisations to help them identify areas of bias and inequalities, particularly in the areas of gender pay and advancement and pay gaps relating to ethnicity and disability.
I am speaking to a US company who could process the data for the results I want with their Artificial Intelligence.
What would be the steps necessary to ensure that both the transmission and processing would be compliant in every regard?
How to persuade leadership to purchase
What I need is the ISO 22301 compliance matrix, to identify the Implementation Guide. If possible, the complete ISO 22301 standard.
I am currently managing the quality department of a medium-sized company. xx employees, xx sites. We are ISO 9001, 14001, 27001 and eIDAS certified.
We are currently using Excel to do our different risk analyses. Quite efficient... but not really user friendly. For the last couple of months, I have been trying to find out if anyone would have thought of something more dynamic. Without much success, I must admit.
Would you mind advising if you ever came across a solution dedicated to risk analysis? One that could be implemented in small businesses, practicable, affordable, not requiring 10 consultants working weeks on it to implement it?
Any advice would be welcome.
How are the CIA triad and privacy severity of the asset (Asset Value) to be aligned with Impact & Probability in risk management?