Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11277 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Plan for the implementation of procedures and controls
My Customer is requesting a documented plan for the implementation of procedures and controls. What kind of document should that be?
Answer:
You can use this brief step by step guide for the implementation of procedures of controls ISO 27001 implementation checklist : https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
You can also use our free resource Project checklist for ISO 27001 implementation (MS Word). You can find it in our free downloads section : https://advisera.com/27001academy/free-downloads/ -
Application service transactions
14.1.3 ISO 27001 Application Service transactions and their controls . Based on the 2013 version and the new control definition I think Its no longer about e commerce, but a more wider application service banner.
Please let me know what is "Application Service transactions" means. I tried doing some googling didnt get much.
Answer:
Application Service transactions means generally any transaction that involves the interchange of information through a network between 2 applications, for example, as you know e-commerce, but also financial transactions between banks, or between a entity with a bank; transactions of database (for example, 2 database that are synchronizing information through Internet); or a ERP that is connected with an externa site where send or receives information.
Anyway, remember that here is not necessary to have a specific document for this control, if you want to know the list of mandatory documents required by ISO 27001:2013, please read this article List of mandatory documents required by ISO 27001 (2 013 revision) : https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/ -
Cumplimiento puntos 7.1 y 8.1 de la norma
Un favor adicional, para el cumplimiento del punto 7.1 y 8.1 de la norma, con qué tipo de evidencias generalmente se cumple este requerimiento?
Respuesta:
En relación al punto 7.1: Necesitas evidencias sobre recursos que la compañía tiene para el establecimiento, implementación, mantenimiento y mejora continua del SGSI. Por tanto, necesitas registros sobre personas: competencias (por ejemplo perfil de puestos), concienciación (por ejemplo registros de asistencia a cursos); recursos financieros (presupuestos); recursos de TI (planes de capacidad), etc.
En relación al punto 8.1: Necesitas registros sobre la aprobación de los objetivos de seguridad de la información, plan de proyecto, procesos externalizados y también necesitas registros sobre la aprobación de posibles cambios sobre estos.
Por último, este artículo sobre los documentos y registros que son obligatorios (y no obligatorios) puede ser interesante para ti "L ista de documentos obligatorios exigidos por la norma ISO 27001 (revisión 2013)" : https://advisera.com/27001academy/es/blog/2015/05/04/lista-de-documentos-obligatorios-exigidos-por-la-norma-iso-27001-revision-2013/ -
BCM tools
https://hub.docker.com/r/buyessay/good_essay -
Download controls
iso 27001-2013, how to download the 14 control, i want control with description
Answer:
There are 114 controls structured in 14 domains, here you can see an overview of them Overview of ISO 27001:2013 Annex A : https://advisera.com/27001academy/iso-27001-controls/
And sorry but we have not a description of each control because you can see this information in the ISO 27001 standard. Furthermore we cannot give the full text of controls because this would break the intellectual property rights. So, you can buy the standard here : https://www.iso.org/standard/54534.html
Anyway, the Statement of Applicability has the applicability of each control, so this document can be also interesting for you. You can see it here (see a free version of the document clicking on Free Demo tab) Statement of Applicability https://advisera.com/27001academy/documentation/statement-of-applicability/ -
Estándares para Data Center
Requiero información sobre la norma ANSI/TIA-942, usted me puede colaborar con esto.
Respuesta:
No tenemos mucha información sobre ANSI/TIA-942, sólo se que está relacionada con Data Centers, pero no conozco muchas empresas en el mundo con esta certificación.
El estándar ISO más relacionado con Data Centers, porque está enfocado en gestión de Servicios de TI, es la ISO 20000. Por tanto, si estás interesado en esta ISO, puedes visitar nuestro blog: https://advisera.com/20000academy/
Y aquí puedes aprender más sobre ISO 20000 "¿Qué es ISO 20000?" : https://advisera.com/20000academy/es/que-es-iso-20000/ -
Information Security Policy or ISMS Policy?
Answer:
ISO 27001:2013 defines that the top-level policy should be called "Information Security Policy", however the old 2005 revision of ISO 27001 called this document "ISMS Policy".
See also this article: One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/ -
How RTO is calculated
I would like to know how RTO is calculated with the BIA toolkit.
Answer:
As you know, RTO is determined during the business impact analysis (BIA), so this article can be interesting for you How to implement business impact analysis (BIA) according to ISO 22301 : https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/
And also the tutorial How to Implement Business Impact Analysis According to ISO 22301 and BS 25999-2 : https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/ -
Advise clients to implement ISO 22301
How should I advise clients to begin adopting / implementing 22301?
Answer:
It is a good question. First of all, your clients need to see the benefits of the implementation/certification of the standard, so you will need a brief presentation (talking about compliance, marketing edge, lowering expenses, optimizing business processes, etc). And remember that it is very important that you need to talk with the top management, because they are the people who will approve the project.
Maybe this article can be interesting for you: ISO 22301 benefits: How to get your managements approval for a business continuity project : https://advisera.com/27001academy/knowledgebase/iso-22301-benefits-how-to-get-your-managements-approval-for-a-business-continuity-project/
Finally, this article can be also interesting for you "17 steps for implementing ISO 22301" : https://advisera.com/27001academy/knowledgebase/17-steps-for-implementing-iso-22301/22301/iso- 22301/
And also this free ebook "Becoming Resilient: The Definitive Guide to ISO 22301 Implementation" : https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/ -
Example of A.6.1.5 Information security in project management
Answer:
This article will help you: How to manage security in project management according to ISO 27001 A.6.1.5 https://advisera.com/27001academy/what-is-iso-27001/
In the toolkit we didn't develop separate documents for managing security in project management because you should use your regular policies and procedures for that purpose. For example, you shouldn't develop a separate Access Control Policy for project management - you should use your regular Access Control Policy for that purpose.