Take the ISO 27001 course exam and get the
EU GDPR course exam for free
EU GDPR course exam for free
LIMITED-TIME OFFER – ENDS MARCH 30, 2023
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Cloud security risk assessment methodology
I have purchased ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit English (with live expert support).
I need expert help on how to use this documentation for cloud security risk assessment methodology and set of security controls to be used for security assessments during cloud adoption lifecycle in a customer environment.
-
ISO 27001 Documentation
Do you have an asset tracking document format in your toolkit or available on your website? -
04.1_Information_Security_Policy_Cloud_EN
Using your toolkit, I am writing 04.1_Information_Security_Policy_Cloud_EN. In the document, it is stated that to learn how to fill out this document, and to see real-life examples of what you need to write, watch this video tutorial: “How to Write the ISMS Policy According to ISO 27001”. However, I see some differences between the word document in the toolkit and the document in the video. Is this because they are different documents? Or Have there been changes made to the toolkit? If so, is there a video tutorial for 04.1_Information_Security_Policy_Cloud_EN? Moreover, the title of the 2 documents is different. In the toolkit it is "INFORMATION SECURITY POLICY" but in the video, it is "INFORMATION SECURITY MANAGEMENT SYSTEM POLICY". -
04.1_Information_Security_Policy_Cloud_EN
Using your toolkit, I am writing 04.1_Information_Security_Policy_Cloud_EN. In the document, it is stated that to learn how to fill out this document, and to see real-life examples of what you need to write, watch this video tutorial: “How to Write the ISMS Policy According to ISO 27001”. However, I see some differences between the word document in the toolkit and the document in the video. Is this because they are different documents? Or Have there been changes made to the toolkit? If so, is there a video tutorial for 04.1_Information_Security_Policy_Cloud_EN? Moreover, the title of the 2 documents is different. In the toolkit it is "INFORMATION SECURITY POLICY" but in the video, it is "INFORMATION SECURITY MANAGEMENT SYSTEM POLICY". -
Questions regarding the template of ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit
My company purchased ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit. While working on them, I am confused with one of the templates, A9.1_Access Control Policy. Can you please assist me to understand? 1) Which section does “privileges in respect to the abovementioned user profiles” in 3.4. Organization’s privilege management refer to? Is this 3.2 or 3.3? 2) If it’s 3.3 then looks like 3.4 and 3.5 will cover the same thing? 3) But, section 3.7 mentions “Organizations’ personal defined in 3.4 as responsible for granting administrative access rights to its public cloud services, platforms, and infrastructure…”. Which makes me wonder 3.4. is for 3.3. Is it correct? Or, this should be “Organizations’ personal defined in 3.5 as responsible for granting administrative access rights to its public cloud services, platforms, and infrastructure…” Can you please explain as I am not clear what to cover in those sections? -
Finding ISO 27017/18 content
We have purchased the toolkit 27001 incl. 27017 and 27018 from you.
We now have a question about this.
We cannot find any sample documents or templates in your tool kit for any of the following points:ISO 27017
[Clauses on Service Agreements with cloud providers] in CLD.6.3.1
ISO 27018
[User Data Privacy Protection Agreement Guidelines] in A.1.1
[Security Requirements Specification] in A.4.1Can you kindly tell us which of your documents contain these points or where we can find references to them?