... ISO 27001 vs. ISO 27002 (103): https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
- MANDATORY DOCUMENTED PROCEDURES REQUIRED BY ISO 27001 (108): https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
- How to maintain the ISMS after the certification (3): https://advisera.com/27001academy/blog/2014/07/14/how-to-maintain-the-isms-after-the-certification/
... ... f training services has signed a contract with the customer where it has obliged itself to comply with certain requirements, then it must comply with them - otherwise this is a nonconformity.
The point is, a company must comply with all of these: ISO 27001 + laws & regulations + contractual obligations + its own policies and procedures.
This article can also help you: Major vs. minor nonconformities in the certification audit https://advisera.com/27001academy/blog/2014/06/02/major-vs-minor-nonconformities-in-the-certification-audit/
... .. n-iso-27001/
"How to identify interested parties according to ISO 27001 and ISO 22301": https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
"Risk owners vs. asset owners in ISO 27001:2013": https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
... his direct boss - e.g. the Head of IT department; risk owners should be people who can resolve particular risks - e.g.:
- risk of performing wrong activities because of non-existing rules - risk owner could be Head of IT department
- risk of performing wrong activities because of lack of training - risk owner could be Head of HR department
This article can also help you: Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
... 7001.
2. I am due to go on a foundation course and then the Lead Implementer course, and then next year do my Lead Auditors course. Do you think this is the right way to go?
Perhaps the foundation course would not be needed if you already have some experience in IT - in such a case you can go straight to the Lead Implementer course. Read also this article: Lead Auditor Course vs. Lead Implementer Course - Which one to go for? https://advisera.com/27001academy/blog/2014/06/16/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for/