Dear all, I am working on a SOA Document and I urgently need some help. I would like to know if someone has a template of such a document or at least a possible...
Samy, Can you please specify a little further? Statement of applicability,...for what? DITSCAP FISMA ISO Carter Sa SA <fairysamy@...> wrote: Dear all, I...
Dear Samy, Although I cannot provide a template, I can tell you what an SOA should have. From Annex A of the Standard, you have to indicate the controls...
Also for those applicable controls you may refer to your policies/procedures. Best regards, Pendar ... __________________________________________________ Do...
Hi all, I have a couple of questions: Has anyone worked on a Non-conformity report? Do you have any approach on how to perform an ISO test, sampling methodology,...
Dear Jesus, Please tell whether you are talking about raising a Non-Conformity (NC) or describing action against a raised NC? If you're thinking of raising an...
Kashif, thank you very much for taking the time to respond to my e-mail. I will clarify my questions: Has anyone worked on a Non-conformity report? ...
Hi All, Until now I have been a reader of this group, but never wrote to this group on any of the issues or problems. Sorry for that ... you should be...
Hi Gijo, ... My opinion is that effectiveness can't be measured as some information is always missing. Let's say a control says that no equipment must be ...
Does anyone have detailed information about the Six Stages of the ISO 27001 preparation process? Or can you tell me where I can find such information. Thanks, Jesus...
Hello All, I have a question regarding the ISO-27701 assessment. If during the assessment we as auditors identify a non-conformity, do we have to provide...
Dear Jesus, An auditor shouldn't provide any solution, only note what has been observed and determine compliance or non-compliance. This is for two reasons: 1)...
Hi Jesus, It actually depends how you are conducting an audit (I mean as an Internal Auditor or as a consultant). If you are auditing the process as an...
Arindam.Banerjee
Arindam.Banerjee@...
Aug 11, 2006 7:12 am
105
Recommendations should not be provided. How can an auditor take the same role as a consultant and then come back in the next audit and verify his own...
Hi I had the "chance" to read both books... I think they really do not reflect the "core or spirit" of what one could need for ISO 27001... Just talking about...
Yes Arindam, your opinion is correct. As an external auditor during 3rd party audit you should not give any solution regarding your non conformity, although...
It also depends on whether you are acting in an assessment or an audit. If it is just an assessment, I highly recommend providing a solution; that's what you are getting...
Hi all. I am new to this list, so I thought I would introduce myself. I manage Information Services for a State Government Agency in Sydney, Australia. Our State...
Since you've passed one audit, you have a foundation for doing a gap analysis for your other units. I would pick the next area you'd like to certify, and do a...
Dear All, I would like to have some insight on how to conduct audit at the project level (in software development and BPO industry). As most of the controls of...
Arindam.Banerjee
Arindam.Banerjee@...
Aug 14, 2006 6:12 am
112
"Adequate back-up facilities should be provided to ensure that all essential information and software can be recovered following a disaster or media failure"...
Think Disaster Recovery and Business Continuity. A Hot or Cold site that is physically separate from your production site. Thanks, Kim Sassaman, CISSP ...
It just tells you that you should have a back-up mechanism in place, for speedy and effective recovery at the time of disaster. The back-up should never be...
Arindam.Banerjee
Arindam.Banerjee@...
Aug 25, 2006 6:43 pm
115
Dear Friends, Our external auditors have put an observation that our ISMS Objectives need to be re-defined to be SMART, as presently they are too generalistic....
Dear Sarat, ... I think you will need ISM3 (www.ism3.com) to enhance your ISO27001 ISMS. ... A security objectives / security targets example from ISM3 is: ...
With reference to your query, the opinion is as below: S - Specific--- means to identify the key/target area for implementation of ISO; M - Measurable---- means...
The latest issue has just arrived. For anyone who doesn't receive it, the full copy is below: ______________________________________________________ THE ISO...
Hi all I work for a commercial company and the head of Info Sec is an ex- military man. The company wants to achieve certification in the standard. Most of the...
Hi JP, It's a common dilemma. The head of Info Sec must understand that there are no mandatory controls. However, there are baselines. I suggest that you...