hi, You can list them based on their skills. Usually it is done by the HR Team who has an updated database of list of employees their current roles and skills....
528
A V Achar
avachar
Jul 16, 2010 4:24 pm
Dear Ray, People assets may be taken into account in the asset valuation, based on the designations and not by names. You have to cover all the designations...
529
Eric Regalado
er_regalado
Jul 18, 2010 8:14 am
Cover all the designations "within the scope" and NOT in the "organizational chart". BR, ER ________________________________ From: A V Achar...
530
Ray L
raysfla
Jul 22, 2010 4:37 pm
Thanks to all for your input. -List people assets by title/function -assess risk/assign controls as they relate to that job function -only list function/titles...
531
Ahmed Marzouk
eng_ahmedmar...
Jul 26, 2010 6:11 pm
Dear Ray you can also instead for making assessment for each employee try to make asset containers which holds the same kind and attributes and do your ...
532
Ahmed Marzouk
eng_ahmedmar...
Jul 26, 2010 6:17 pm
Dear Ray for people assets, it is mandatory to take them in consideration as ( Assets within the Scope > Non-IT Assets > human assets ).. so you are going to...
533
sni63
Jul 27, 2010 8:33 am
Hello my friends I'm beginner in ISMS We outsource our ISMS planning for some current projects to a team Suppose our project is Establishing a new Organization...
534
stud.harry@...
stud.harry
Jul 30, 2010 4:37 pm
Dear all, Can anyone please help me with some information on ISO 27004 apart from its introduction and general information. I am looking out for key features...
535
A V Achar
avachar
Aug 17, 2010 6:25 am
Dear Harry, ISO/IEC 27004 Information Security Management Measurement This standard will provide guidance on measuring the effectiveness of security programme...
536
Ahmed Marzouk
eng_ahmedmar...
Aug 17, 2010 6:26 am
Dear all; I have the annual surveillance audit soon, and the auditor had sent to me his agenda, it is well understood for me but I need some advice and ...
537
Valter
cruzvalter
Aug 19, 2010 8:20 am
Dear all, ISO 27004 was published in December 2009. Valter Cruz...
538
Valter
cruzvalter
Aug 19, 2010 8:21 am
Hello ?, I think that you first should make sure that the company has reputation in the market and its professionals are certified. Certified professionals...
539
A V Achar
avachar
Aug 22, 2010 5:36 pm
Thanks Cruz for updating the information. Alevoor V Acharr Service Above Self - He profits Most who serves Best. ISO Lead Auditor : QMS, ISMS, EMS, OHSAS and...
540
Thukaram Mahadev
mahadev_geetha
Aug 22, 2010 5:39 pm
Hi, The intent of them providing those documents might be to show their capability or as a guideline for you to understand what ISO 27001 is all about and what...
541
sni63
Aug 23, 2010 7:23 am
Hi, Many thanks for your replies According to our researches have done we finally find that we have a security modeling of our project. Can anyone have...
542
Saquib Farooq Malik
saquibfarooq
Aug 25, 2010 6:51 am
Greetings everybody, I came across a document called 'Information Security Policy Statement', this was a part of an ISMS documentation system that also...
543
MS Sripati
ms_sripati
Aug 26, 2010 8:01 am
Hi Sorry about the incomplete answer, it was an accident! ISO 27001 speaks about two policies; to quote:- 4.2.1 (b) NOTE: For the purposes of this...
544
Valter Cruz
cruzvalter
Aug 27, 2010 8:27 am
I think you do not need a document for Information Security Policies and one for ISMS policy. The two policies may be being acquired in a single document. ISO...
545
Denny Sugiri
denny_sugiri
Aug 27, 2010 8:27 am
Dear All, If we already had ISO 9001:2008 and ISO 27001:2005 can we combine between quality policy and information security in a single document ? So the...
546
manish dave
manish_dave
Aug 28, 2010 8:26 am
Dear All, I think it is better to keep them separate. Reason being : 1. A policy statement shows the intent & focus of top management. In quality case, the...
547
Dharmendra
dharmu_r
Aug 28, 2010 8:26 am
Dear Denny, It is always better to have one framework (that is your policy) which covers your requirements (like ISO 27001, ISO 9001, HIPAA etc. It is a...
You are right Denny. BR, ER ________________________________ From: Denny Sugiri <denny_sugiri@...> To: iso-27001@yahoogroups.com Sent: Fri, August 27,...
550
Valter Cruz
cruzvalter
Aug 29, 2010 9:08 am
Dear all, We can think in terms of integrated management system ( a single system incorporating the requirements of two or more auditable standards) Integrated...
551
Eric Regalado
er_regalado
Aug 29, 2010 9:09 am
Why do we all need to agree with you? I've done several QISMS projects (all of them got certified in the first attempt) and they have combined policy...
552
Denny Sugiri
denny_sugiri
Aug 30, 2010 8:12 am
Dear All, Thank you for your responses and support, The Quality and Information Security Policy document now has been approved by Board Of Directors...
553
Thukaram Mahadev
mahadev_geetha
Aug 30, 2010 8:12 am
I agree to Eric, All the three can be in a single policy statement and does not require to be separate (Though an organization wishes to have it separate for...
554
Saquib Farooq Malik
saquibfarooq
Aug 31, 2010 4:51 pm
Greetings everybody, Summary Question: Is there any reason I should prefer paper based evidences to electronic evidences like email. Scenario: For implementing...
555
Rishu Dhawan
rishudhawan
Sep 1, 2010 7:31 am
I believe as long as you can prove using a controlled record it should be fine. Do you also use any crm tool where this change number is logged or tracked? ......
556
sandeep walia
er_sandeep
Sep 1, 2010 7:31 am
There is no compulsion to use paper based evidences in place of email In fact email is the preferred media as the time and date can be verified in email systeme...