ISO 27001 & 22301 - Expert Advice Community


  • Conformio - Company Settings and Users

    1 - When completing the Risk Register, are we choosing the Assets / Threats and Vulnerabilities without any controls in place? Are we then to add existing controls into the Treatment Plan? 2 - Also, in terms of an asset register for 27001 compliance, is the asset list on Conformio deemed sufficient, or should we have an asset list that details each asset a user has along with an asset tag? User A – Mobile001, Laptop001, Tablet001; User B – Mobile002; etc.
  • ISO 27001 Conformio expert question

    So, at the moment, I cannot see any documents populated under the Documents module of the software. I assume it's because this is a trial account, but we will have all the necessary documents available once we purchase the full version. Is this where all the ISMS manual sections (e.g., Context of the organisation, Leadership, Planning, Support, etc.) would be housed? The flow of items on the homepage of the software doesn't necessarily have you working to complete the ISMS manual first, I don't think.
  • Paper documents found in warehouse

    I’ve just found a bunch of paper records in our warehouse, mostly supplier contracts and VAT receipts (financial records). Do these need to be kept in a locked cabinet? I believe so but wanted to check.
  • ISO 22301 toolkit - disaster recovery plan

    I am currently preparing a business continuity plan using the ISO 22301 documentation from Advisera.

    Question #1: The company is quite specific. The basic IT infrastructure is provided by the parent company, while the IT infrastructure for our main product is located on the servers of the hosting provider. I wonder if there is a need to have a separate dedicated disaster recovery plan, instead of specific activity recovery plans. One of the activities in the company is responsible for the development of the main product, and the procedures for possible restoration of the main product will be on their side. On the other hand, recovery after a disaster in matters related to other software provided by the parent company is the role of the parent company's IT, and it has its own disaster recovery strategies and procedures. In your opinion, can I skip the separate disaster recovery plan in such a situation?

    Question #2: Is chapter four of the business continuity recovery plan template sufficient against standard clause 8.4.5? Or should I supplement my recovery plans with additional steps?
  • Question about ISO 27001 and ISO 27002

    As far as I understand, ISO doesn't require us to comply with 27002. Do these 45 documents in the toolkit cover all 26 management system requirements and 114 control points? I'm asking about 27002 because I don't know if ISO will ask me whether I have some installation, management or monitoring procedures for systems. We don't have the time to prepare them. If this is not the case, we are OK, I believe.
  • Questions regarding ISO 27001 documentation

    Dear all, I’m writing to you on behalf of the company *** and its CEO ***, who bought the toolkit. We would like to ask you for some help regarding the possibility of using the following sentence in the compilation of the ISO27001 documents:

    1 - Regarding the users ("destinatari" in Italian), in your documents the term used is "employees of the company". Since other subjects could be involved in the policies and procedures, we were wondering if we could use the following sentence for all the documents: "Destinatari di questo documento sono tutte le persone che rientrano nel perimetro di applicabilità del SGSI di ***." Translated into English: "The users of this document are the subjects who are included within the perimeter/scope of the company ISMS applicability."

    2 - The second question: within the documentation in A.9.1 Politics for the Access Control, there is a document called "La Dichiarazione di Accettazione dei documenti del SGSI". The translation in English should be something like "Declaration of the ISMS documentation Acceptance". What is this document actually about? Is there a form of this document that we could use? Thank you in advance for your help.
  • local country leadership in trying to align ISO 27001 certs

    Hi, my issue is that I have businesses in a number of European companies that are ISO 27001 certified, and I want to see if I can achieve alignment and consistency. If the scopes are different, they are all certified by different bodies, and the end dates are different, what would be the best approach to this, if indeed it is feasible? How would I even assess any alignment? Gap analysis?
  • Supplier information security requirements

    For the implementation of ISO 27001:13, in part A.15 Supplier relationships, I now really need the supplier information security requirements. Could you send me this file? Thanks in advance.
  • How Annex A controls relate to ISO 27001 Requirements

    Can you please explain to me how the 'ISO27001 Annex A Controls' relate or map to the 'ISO27001 Requirements'?
  • Document Control

    ISO 27001 does not require anything specific for document control really, just that the company defines a document control process which addresses those 4 requirements: distribution, access, retrieval, and use; storage and preservation; control of changes; retention and disposition. Am I right?