
  • Impact Analysis Questionnaire


    Answer: Yes. Included in the premium toolkit you bought there is a template called "Business Impact Analysis Questionnaire". You can use this document to help you gather information for supporting your new BCM initiatives and projects, as well as the development of the business continuity strategy.

    But more important than this template is the Business Continuity Policy, also included in your toolkit. You can adapt this document, which reflects the top management expectations regarding business continuity, to establish as an organizational directive the need for considering business continuity practices in the organization's new initiatives and projects, thus obtaining critical support for the engagement of all people in the organization.

    This article will provide you further explanation about Business Impact Analysis:
    - Five Tips for Successful Business Impact Analysis https://advisera.com/27001academy/blog/2010/06/10/five-tips-for-successful-business-impact-analysis/
  • Qualitative and quantitative risk assessments


    Answer: Qualitative risk assessment focuses on interested parties' perceptions about risks, expressing risk in terms of scales like “low – medium – high” or “1 – 2 – 3”, while quantitative risk assessment focuses on factual and measurable data, normally expressing risk values in monetary terms.

    This article will provide you further explanation about qualitative and quantitative risk assessments:
    - Qualitative vs. quantitative risk assessments in information security: Differences and similarities https://advisera.com/27001academy/blog/2017/03/06/qualitative-vs-quantitative-risk-assessments-in-information-security/

    These materials will also help you regarding qualitative and quantitative risk assessments:
    - Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Customer complaint


    Answer:
    First of all, you'll need a communication channel, i.e. the way your customer can reach you. Service requests, a publicly published form (e.g. on the self-service portal or service desk portal) or the Service Level Management/Business Relationship Management processes - these are the common ways to do it.

    Once you receive a customer complaint it's important to have someone to handle it. Equally important - to let the customer know that someone is working on his complaint.
    And finally, internally you need to set up the procedure for how to approach the complaint. That would include, for example:
    - whom to report that a complaint has been received
    - timescale (it may be hard to define a general timescale to resolve complaints, but at least for usual complaints)
    - escalation procedure
    - roles and responsibilities
    - depending on the services you provide - particular steps to resolve the complaint
  • Functional Quality Objectives for Website development and maintenance

    Functional quality objectives should be related to some feature of your product (website) or your service (maintenance). They should be related to the requirements of the product or service and to the criteria used to determine whether the product or service meets its requirements.
  • Proposal for ISO 27001 project


    Answer: I suggest you use as a basis our free template "Project proposal for ISO 27001 / ISO 22301 implementation". You can download a copy at this link: https://info.advisera.com/27001academy/free-download/project-proposal-for-iso-27001-iso-22301-implementation-msword, and include some information related to ISO 27017, ISO 27018 and ISO 22301 from these materials:
    - ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
    - ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
    - What is ISO 22301? https://advisera.com/27001academy/what-is-iso-22301/

    Additionally, you can prepare a presentation based on the template "Project proposal for ISO 27001 implementation" (you can download a copy at this link: https://info.advisera.com/27001academy/free-download/project-proposal-for-iso-27001-implementation-powerpoint).
  • Becoming ISO 27001 Lead Auditor

    First of all, I apologize for the late answer. Regarding your question, yes, the 40 hours course is compulsory to take the exam, but there is no experience requirement to take it.

    The experience is required only when you want to start working as a certification auditor. In such a case you start by participating as an observer, and after some audit hours you will participate more actively in the audit, until the point where you have all the responsibilities of a lead auditor.
  • Risk assessment and business analysis impact


    Answer: Risk Assessment and Business Impact Analysis can be performed in any sequence, and ISO 22301 allows both approaches. We recommend performing the risk assessment first because this way you will have a better impression of which incidents can happen, which will make it easier to focus on the most impacting ones during the Business Impact Analysis.

    This article will provide you further explanation about risk assessment and business analysis impact:
    - Risk assessment vs. business impact analysis https://advisera.com/27001academy/knowledgebase/risk-assessment-vs-business-impact-analysis/

    This material will also help you regarding risk assessment and business analysis impact:
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
  • Premises access control


    Answer: Considering ISO 27001, the control of premises access has the objective to protect the physical access both to information and to information processing facilities. This is achieved by considering, according to the results of the risk assessment, applicable legal requirements, and decisions of top management, the definition of security perimeters, entry controls, and protection of rooms and facilities, among other controls.

    Regarding individual responsibilities, you can consider terms of:
    - guidelines definition and resources provision (top management)
    - operation and management of security controls (e.g., technical staff and security officer)
    - compliance with security controls and policies (employees)

    These articles will provide you further explanation about access control:
    - How to handle access control according to ISO 27001 https://advisera.com/27001academy/blog/2015/07/27/how-to-handle-access-control-according-to-iso-27001/
    - How to protect against external and environmental threats according to ISO 27001 A.11.1.4 https://advisera.com/27001academy/blog/2016/01/25/how-to-protect-against-external-and-environmental-threats-according-to-iso-27001-a-11-1-4/

    These materials will also help you regarding access control:
    - ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • SOC Continued Operations Letter


    Answer: A SOC Continued Operations Letter is an artefact provided by Amazon Web Services that a service organization may choose to issue, describing updates or changes in its controls since previous audits from certification bodies or regulators, as a means to support audit activities. You can find more information at this link: https://aws.amazon.com/artifact/
  • Certifications to support risk resilience.


    Answer: If your focus is the recovery of business activities you should consider the ISO 22301 certification, because it can provide you the basis for identifying the most critical aspects of the business, the most relevant disruption scenarios and how to handle them properly to minimize impact and speed up recovery.

    Additionally, I also suggest you consider ISO 27001 certification, since you also have to consider the protection of business information, and ISO 27001 is specifically designed to handle information protection.

    These articles will provide you further explanation about ISO 22301 and ISO 27001:
    - What is ISO 22301? https://advisera.com/27001academy/what-is-iso-22301/
    - What is ISO 27001? https://advisera.com/27001academy/what-is-iso-27001/
    - What to implement first: ISO 22301 or ISO 27001? https://advisera.com/27001academy/blog/2017/04/03/what-to-implement-first-iso-22301-or-iso-27001/

    These materials will also help you regarding ISO 22301 and ISO 27001:
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/