Dear All, I am Rohan Kadam, an engineer by profession. Currently I am working with Financial BPO. I've comprehensive 5 years experience in Quality Management...
Dear Rohan, ... It can't be denied. Any scope you choose, let's say a web server is accreditable. ... You can choose any method you want, you can even make up...
Dear Rohan, Answers are given below the questions. Although, I feel an Implementation course would be the best option for you. Other members can correct me...
Dear Rohan, Statement of applicability is the last stage of implementation. If compliance is new to your organization, I would suggest to start from defining...
Hi Rohan...I see that quite a few people have already replied to your queries. Just want to throw some more light on the basic issues you face, as I feel they...
In looking at the paperwork for this it becomes clear that this is very much oriented toward an officious process centered around the UK. Nominations and...
I suspect they broke it up in parts to supply the vendor community with multiple "new" niche markets to pursue. ks C. Karen Stopford, CISSP AVP Information...
Dear Rohan, I would agree with Manish that you need some kind of formal training if you are the Lead for the project. Better to be well informed in this case....
Hi All, Please clarify me the following query regarding the "Documented procedure for measurement of effectiveness of controls". Basically I'm not sure what...
Dear Sameer, ... Measured effectiveness measures what results are you getting in comparison with an ideal (baseline) I have said this before. My opinion is...
Dear friends, I am back with my other query. Please guide me on drafting Telephone/ Fax Policy for my organization. Points to be considered are Making...
Hi Gang, I am an IT project manager tasked with aligning our enterprise security with the ISO 27001:2005 and ISO 17799:2005 standards. We are not after ...
For anyone who hasn't seen it: THE ISO 27001 and ISO 17799 NEWSLETTER - EDITION 14 Welcome to the Issue 14 of the ISO27001/ISO17799 newsletter, designed to...
Dear Members, I am a bit confused about BCP and DRP... can anyone help me with what's the big difference between these two terms.. Waiting for your quick...
My view: Business Continuity Planning - planning for continuity of the business - includes things like officer replacement as they retire, continuity of...
BCP is the safeguards that you put in place so that your business can continue uninterrupted when something bad happens. Example: UPS and generator for...
A business continuity plan (BCP) is a management process to ensure the continuity of businesses. Not to be confused with continuity of operations (COOP) where...
Dear Suneel, Business continuity planning is the process and procedures that an organisation can put in place to ensure that essential business functions ...
Hi Suneel, Please go through the definitions that are self-explanatory. BUSINESS CONTINUITY PLANNING (BCP): An all encompassing, "umbrella" term covering both...
Dears, I'm working with the ISO 27001, and a few days ago, I received a certification external audit. The auditor requested me a high level of details in the...
... Yes it is. That's why ISO demands that you get things like policies approved by top management - and why they talk about the need for internal support for...
Dear Fabian, I'm not sure if it is right answer what you are looking for. I thought that you should try with gap analysis using ISO 27001 comparing with being...
Hi, If you are working on ISO 27001, then the standard scope is Information security (in all forms). It does not talk about identifying risk in new line of...
Dear Fabin, Your RA shall assess the threat and vulnerabilities associated with the identified information, information processing & associated assets and...
Hi, I would interpret the Auditor's statement/requirement in a slightly different way. 1. All the business functions and the decisions they make in terms of...
Dear All, I fully agree with Venu. I have seen many organisations where RA is done organisation wide and not at the process levels. Process owners should do ...
RA has to be done both at the org level & at the entity level within the organization. RA can be done by the process owners provided it is done in conjunction...
Dear All, I have been teaching a class on risk management recently and that got me thinking. I don't know if it happens to you, but I learn more when I teach...
Hi All, Vincente has really summed it up nicely. There is no single best way for RA. RA be done as per the Organisation's characteristics - SME, Large,...
Hello, NIST - National institute of standards and technology has published "Risk Management Guide for Information Technology Systems". This is good RA...