Channel: The ISO 27001 & ISO 22301 Blog – 27001Academy

By: Raghavendra Gururaj

Dear Dejan Kosutic, Quite crisp and up to the point. I liked the way the steps are defined and explained. Regards, Raghavendra 23/11/2010




By: Ronaldo

I have implemented 27001. A prospective customer wants to see our SoA. Is this acceptable? Ronaldo


By: Dejan Kosutic

It would be acceptable if you don’t have confidential information in the Statement of Applicability – therefore, you need to classify it first and then decide on allowing access or not. If you do have...


By: Michael

It would usually be acceptable, as the SoA only contains a list of controls you have implemented which doesn’t have to be confidential per se. I agree with Dejan in so far as stating or not stating a...


By: Andrea Simmons

Can I ask for edits to this checklist?! “Write an ISMS Policy” is erroneous. You wouldn’t write an ISMS Policy… you write an ISP… an Information Security Policy. An ISMS is an Information Security...



By: Dejan Kosutic

Andrea, clauses 4.2.1 b) and 4.3.1 a) specifically require you to write an “ISMS policy” – this is a top-level policy that defines some basic rules for information security management. I agree with you that...


By: Paula

I am aware that ISO 27001 is in the process of being redrafted. My company is looking to implement ISO 27001. Is it worth us waiting until the new standard is released, or continue working with the...


By: Dejan Kosutic

Regarding the new ISO 27001 standard – at best it will be published in October 2013, but this is never certain – it could drag on until March or April 2014 because it has to be approved by the...



By: ISO 27001 Manual

Our ISO 27001 training courses are designed with your business in mind and delivered by best in class trainers. Choose from public courses or bespoke onsite training to gain the knowledge needed to...



By: Deepak

Hi Mr. Dejan, I have a few questions in mind: Even with the release of the new version, can we still implement and get certified for ISO 27001:2005 in the coming year, i.e. 2014? If that is so, for how long will...


By: Dejan Kosutic

Deepak, after the new revision of ISO 27001 is published (ISO says the target date is October 2013), it is not going to be possible to certify against ISO 27001:2005. However, if you certify against ISO...


By: SecurityFan

Hi Dejan, why do you create the RTP right after the SoA, but before the procedures? I agree that the actual implementation of the controls has to be done after the RTP, but wouldn’t it be better to...


By: Dejan Kosutic

Hi SecurityFan, the Risk Treatment Plan needs to be written before you start writing the procedures because the RTP is a kind of action plan which defines who will be responsible for writing these...



By: Santhosh

Hello Sir, This is Santhosh from India. Is there any write-up explaining the 133 controls and their importance, with some examples?


By: Dejan Kosutic

Santhosh, the best way is to purchase ISO 27002 – it describes each control in detail and suggests how to implement them.



By: Santhosh

Thanks for your swift response. How do we assess the legal requirements for ISMS implementation?


By: Santhosh

Dear Sir, We are in the process of implementing an ISMS and we have followed ISO/IEC 27001:2005 (reaffirmed 2013) for all our initiation processes. Do we need to follow this, or do we have to get the new...



By: Dejan Kosutic

Santosh, you can get certified against the old ISO 27001:2005 revision until September 25, 2014 – for more details see this article:...


By: Rakesh Maheshwari

In my view the SoA is one document which needs to be shared with the customer as and when required. After all, only then will the actual scope and extent of implementation of the ISMS be clear.


Using Intrusion Detection Systems and Honeypots to comply with ISO 27001...

Networks are what make collaborative work possible. Without them, remote or global business wouldn’t exist. This critical role attracts attention and makes networks a preferred target for wrongdoers,...




