Hi ISACA has a download of the COBIT & ISO 27001 mapping. Maybe that will help you. Cheers, Dhananjaya Rao.N  ________________________________ From: Okunwa...
Hi, there are a lot of documents on the net showing COBIT and ISO 27001 mapping. RD ... From: Okunwa Aduragbemi <adura4u2nv@...> Subject: [iso-27001]...
Does anyone know the potential pitfalls of applying ISO controls to processes? My organisation is mooting an expansion of our registration to all of our top 40...
Considering the client follows ISO 17799:2005 ISMS, when does the client define "Management responsibility"? a. standards are defined b. assets are identified ...
Hi, 2 cents from me - Clause 5 (Mandatory clauses) clearly explains that the Management Responsibility has to be set up before the start of implementation and...
Management responsibilities come in cl 6.1.1 as management commitment. This is a mandatory guideline of ISO 17799:2005. It comes after policy documents are...
I appreciate your response. I am clear about Clause 5. However, which is the best answer to choose from the options provided was my query. Thanks, Deepal ...
Dear all, I have a few questions on control A11.7.2 implementation. 1. What is the normal trend on allowing users to work from home? 2. Should they be...
Duh? Why do you need to "define" management responsibility? ________________________________ From: RiCkY <madlaniricky@...> To: iso-27001@yahoogroups.com...
Dear All, I need clarification on how to go about the implementation of the Statement of Applicability. How do I know the yardstick for determining the...
... Hallo Deepal, ISO 27002:2005 (formerly known as ISO 17799:2005) is not necessarily implemented starting at chapter 1 and ending at chapter 15, in that...
Hi, we are implementing ISMS and would like to know what will be the best way for risk management and assessment. We worked on the FMEA procedure but I am not...
Yes, there will be changes in the SOA. Note: It all depends on the scope defined initially. If you change the scope all documents related to ISMS will get...
Hi, FMEA is best suited to manufacturing companies. As you are trying to implement for the IT department, I suggest you follow ISO 27005 for Risk Management. ...
Dear Okunwa, You can draft SOA only after finishing your Risk Assessment phase. After your risk assessment you will clearly know what controls are applicable...
Also, I recently joined the organisation, the ISMS implementation already started, the people who did the documentation and other activities are not trained or...
Well, I have no experience in the MSAT. I would like to have some inputs on using the same, as it is questionnaire based; don't know which questions to use and how...
You can draft SOA only after finishing your Risk Assessment phase. After your risk assessment you will clearly know what controls are applicable for you and...
I believe that doing SOA before the Risk Assessment is not the right way of doing it as you will not know which control you are going to implement and which is...
Thanks to you both. I appreciate. My status is that I have virtually everything running in my organization before embarking on implementing the ISO27001....
Your previous email said "ideal way" and the email before that says "the only way". Which is which? An organization can implement ISO 27001 controls even...
Dear Sunil, there is nothing called 100% compliance. There is always some level of improvement that would be required after every audit. (Experienced auditors will...
Dear All,  We are into data centre services, most of our hosted servers/other assets are owned by the people (clients) who sit out of their offices and not...
you mention the data hosting services as the scope of your ISO  In such cases all the servers hosted are out of scope of ISO 27K, however those servers &...
Hello Jatin Sehgal, About scope, yes you must include them. About considering hosted servers as asset, my opinion is you may include in your assets, but of...
You can draw a line and limit the certification scope to the physical boundary and not include the client assets that you are made custodians of. But, you will...
Dear sir, I have some questions related to ISO 27001, so please help me - Is ISO a technology or not? - How can we make integration between Technology and...