Tag: "Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit" - Expert Advice Community


  • Cloud security risk assessment methodology

    I have purchased ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit English (with live expert support).

    I need expert help on how to use this documentation for a cloud security risk assessment methodology and a set of security controls to be used for security assessments during the cloud adoption lifecycle in a customer environment.

  • ISO 27001 Documentation

    Do you have an asset tracking document format in your toolkit or available on your website?

  • 04.1_Information_Security_Policy_Cloud_EN

    Using your toolkit, I am writing 04.1_Information_Security_Policy_Cloud_EN. In the document, it is stated that to learn how to fill out this document, and to see real-life examples of what you need to write, watch this video tutorial: “How to Write the ISMS Policy According to ISO 27001”. However, I see some differences between the Word document in the toolkit and the document in the video. Is this because they are different documents? Or have there been changes made to the toolkit? If so, is there a video tutorial for 04.1_Information_Security_Policy_Cloud_EN? Moreover, the titles of the 2 documents are different. In the toolkit it is "INFORMATION SECURITY POLICY" but in the video, it is "INFORMATION SECURITY MANAGEMENT SYSTEM POLICY".

  • Questions regarding the template of ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit

    My company purchased ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit. While working on them, I am confused by one of the templates, A9.1_Access Control Policy. Can you please help me understand? 1) Which section does “privileges in respect to the abovementioned user profiles” in 3.4. Organization’s privilege management refer to? Is this 3.2 or 3.3? 2) If it’s 3.3, then it looks like 3.4 and 3.5 will cover the same thing? 3) But section 3.7 mentions “Organizations’ personal defined in 3.4 as responsible for granting administrative access rights to its public cloud services, platforms, and infrastructure…”, which makes me wonder whether 3.4. is for 3.3. Is that correct? Or should this be “Organizations’ personal defined in 3.5 as responsible for granting administrative access rights to its public cloud services, platforms, and infrastructure…”? Can you please explain, as I am not clear what to cover in those sections?

  • Finding ISO 27017/18 content

    We have purchased the toolkit 27001 incl. 27017 and 27018 from you.
    We now have a question about this.
    We cannot find any sample documents or templates in your toolkit for any of the following points:

    ISO 27017

    [Clauses on Service Agreements with cloud providers] in CLD.6.3.1

    ISO 27018

    [User Data Privacy Protection Agreement Guidelines] in A.1.1


    [Security Requirements Specification] in A.4.1

    Can you kindly tell us which of your documents contain these points or where we can find references to them?