1. To meet the ISO standards for Operations Security and Security Incident Management, is implementation of a cybersecurity tool necessary?
2. How much history of “records” is needed to show the auditor evidence of newly formed operational processes?
3. Typically, once the ISMS prep is completed, how long after can a company get certified?
4. Typically, for a small company, less than 20 employees, 5 sites, how long does ISMS project take?
5. What are some examples of the information assets for the inventory list for a small company