Could you please clarify the relation between having an Asset management process in place and an Information classification policy?
- Our Assets are (Laptop, Desktop, Servers and SW license), and we have defined the full cycle in the process
- Our Information classification is mainly for documents and processes (Confidential, Restricted, Internal use)
Thus I would appreciate it if you can explain/clarify the following points:
- Do we need to classify our Assets or label them as (Confidential, Restricted, Internal use), or do we need to add another category for assets?
- Do we need to classify the info on Assets? But if a Laptop (as an asset) has confidential documents and restricted documents, in this case is the laptop as an asset considered to be confidential or restricted?
Please, what is the difference between Practitioner vs Lead Implementer ISO 27001 certification?
How do you scope an organization to be ISO 27001 certified?
In terms of commercial and Employee contracts, as interested parties, should there be a clause in the contracts to cover information and security? If so, is there a standard clause that can be used to cover this?
I know these would need to be legally checked, but in your opinion, is the following a reasonable outline to be working with?
'Information management. *** operates under the guidelines of ISO27001 and The Data Protection Act (2018). Both parties must adhere to the specified processes and practices outlined in the company's Information Security Management System (ISMS).'
'Intellectual property. All rights to Intellectual Property remain with ***.'
Can you advise me on GCP security controls which comply with ISO 27017 with respect to application level security? Could you please help me with that? It would be a great help for me.
What does acceptable use of assets intend to say in the control number A.8.1.3?
Could you help me to understand how I can make evidence for RPO and RTO?
Please can you define what constitutes ‘data’ under the ISO27001 criteria? Data is everywhere. Is it just sensitive data that we need to capture within our ISMS scope? How do you define sensitive data within both the internal and external business context?
I know from Dejan’s webinars on ISMS scope, that we only need to have in scope where data is processed that is in our control. Not data that is processed that is out of our control.
I would like you to tell me how ISO 27001 is related to international requirements on data protection, telecommunications, incident investigation.
Dear Dejan, trust you are well. I am doing my first Asset Based Risk Assessment and I am using your book Secure and Simple. What to do with assets such as company mobile phones which do not have access to the company network and are not used to send any information in emails etc. Do I list them in the Risk Assessment?