Collaborate Disseminate
If there are two companies, each holding a valid ISO 27001 certification, what type of formal relationship can be established in policy to allow each other to access, process and store each other’s information assets?
Lets for example say:… Continue reading ISO 27001 – Companies processing each other’s data
Is Google Drive compliant with control A.8.15 in ISO 27001:2022?
As ISO 27001 requirements for logging and monitoring, are Event logging, Log storage, Protection of logs, and Analysis of logs, could I use Google Cloud as it is keeping this… Continue reading Is Google Drive compliant with control A.8.15 in ISO 27001:2022? [closed]
There are many IT security frameworks/standards/regulations/etc to chose from, each with their own pros and cons. For example, IS0 27000 series, NIST CSF, NIST RMF, PCI-DSS, etc. My question is, is there a checklist that helps me decide wh… Continue reading How do I decide which security framework is most suited to my organization?
I do research and development at an ISO27001 certified company that makes enterprise software. As such, I work from an isolated environment so that I can experiment with non-IT-approved software programs and libraries, as well as APIs (i…. Continue reading How to do R&D with rapidly changing open source software libraries and APIs in the presence of sensitive data while maintaining ISO27001 compliance
I’m putting a list of assets together, but I’m really struggling to figure out how to categorise them.
Take for example you have the following:
MailChimp (Full SaaS, holds potential PII in a database they manage)
AWS (Shared responsibilit… Continue reading Saas software, cloud services and ISO assets
Synology’s Active Backup for Business has a feature for Destination Encryption which only seems to work with BTRFS. It works so that you have to set it up when creating the BTRFS storage. At this point you specify a password and when finis… Continue reading Is Synology’s Active Backup for Business Destination Encryption Secure or Snake Oil?
A Company would like to get ISO 271001 certified.
With 10 developers and 4 others (product, QA) having access to various Github Repositories, they managed their access rights pretty good. 3 people have full access (admin) rights on the Org… Continue reading Does ISO27001 require to use Github Enterprise Single Sign on?
I am being told by a security consultant that there are two ISO 27001; one based on an application other on the physical office premise. I have a SaaS based product, and I am not sure which one to go for. What’s the usual practice? I am mo… Continue reading Do I need ISO27001 for Office or for Application [closed]
I’m trying to write and implement an ISO 27001 compliant information security management system (ISMS) for the company I work for. Currently we have our HQ the UK (2 office locations plus a test site) and an additional office in Europe.
Cu… Continue reading ISO 27001 and Subsidaries
I’m doing a research as a preparation for my exam, and I can’t find anything about it. Could someone please explain me what are the main differences between internal and external audit in ISO27001?
Thanks
Continue reading What are the main differences between internal and external audit in ISO27001?