Dears, I'm working with the ISO 27001, and a few days ago, I received a certification external audit. The auditor requested from me a high level of details in the...
... Yes it is. That's why ISO demands that you get things like policies approved by top management - and why they talk about the need for internal support for...
Dear Fabian, I'm not sure if it is the right answer to what you are looking for. I thought that you should try with gap analysis using ISO 27001 comparing with being...
Hi, If you are working on ISO 27001, then the standard scope is Information security (in all forms). It does not talk about identifying risk in new line of...
Dear Fabian, Your RA shall assess the threats and vulnerabilities associated with the identified information, information processing & associated assets and...
Hi I would interpret the Auditor's statement/requirement in a slightly different way. 1. All the business functions and the decisions they make in terms of...
Dear All, I fully agree with Venu. I have seen many organisations where RA is done organisation-wide and not at the process levels. Process owners should do ...
RA has to be done both at the org level & at the entity level within the organization. RA can be done by the process owners provided it is done in conjunction...
Dear All, I have been teaching a class on risk management recently and that got me thinking. I don't know if it happens to you, but I learn more when I teach...
Hi All, Vincente has really summed it up nicely. There is no single best way for RA. RA should be done as per the Organisation's characteristics - SME, Large,...
Hello, NIST - National institute of standards and technology has published "Risk Management Guide for Information Technology Systems". This is good RA...
Hi, Risk Assessment can be done at multiple levels - risks involving organization, business unit, project, function, information asset, technology, people and...
Dear ISO-27001 Members, Salam/Namaste As I have already introduced myself in this forum, by the way this is Suneel Kumar Panjwani doing Consultancy of...
Suneel - You need to speak to the HR dept head to list the processes that exist in the organization. But, nevertheless, you may have a few processes like...
Hi.. This is Dinesh.. Can somebody help me in preparing the legal requirements w.r.t. ISMS. What are the things to be considered while preparing the document?...
Dear Dinesh, You can consider, Licence of Software, IT Act 2000; with this you can consider Labour laws, ...
Hi Dinesh, The first thing on legal requirement is to consider the retention of logs. What logs to be retained and how long an organization is expected to...
Legal requirement in ISO 27001 requires you to identify applicable legislations such as IT ACT 200, Copyright Act, Patent Act, privacy laws etc... that impact...
Hi Dinesh, I would suggest you take a look at all the applicable laws for your organization, right from Labour laws, shops and establishment act, IT act etc. ...
Hi all, Thanks for your comments...!!! Can anyone suggest to me what are the Indian Acts needed to be covered in the legal register? (Does anyone sensibly &...
Hello, We are thinking on working on the process to get certified BS7799/ISO270001. My boss asked me to plan for this activity, especially for what we need help...
... These figures for a substantial enterprise - small and medium sized businesses will be less. Good consultants will run on the order of $125K to do the...
KB: 1. Very hard to say without knowing how big your company is. I'd say you need a month in the beginning, and maybe more. 2. Yes, you can have the initial...
... You can use my templates to estimate the number of days you need based on your self-gap-analysis. My template is a combination of 27000 & COBIT generic...
On Laws...here are some... Indian IT Act 2000, Provident Fund Act, Employee State Insurance, Worker's Compensation, Payment Of Gratuity Act, <State> Shops & ...
Hi.. Thanks for your input. I do agree we have to take care of IT Act 2000, Copyright Act 1952 etc. I'm not able to understand why we have to take care of acts like...
Hi Dinesh They are all part of information systems recycle/reuse/disposal processes. For ex. usage of electronic equipment such as PC monitors may mandate...
Dinesh, In simple terms the control mandates you to identify & follow all the relevant laws and regulations. Think.., in case your organisation does not...