conducted for
Prepared by: Tony Smith
Location: 8899 Pine Ln, Cotati, CA 94931, USA
Completed on: 04 Jan 2019 01:17 PM
Score: 91/96.0 - 94.79%
Failed Responses
This section lists responses that were set as "failed responses" in the template used for this
audit
5.1 (d) communicating the importance of effective information security management and of conforming to the information security management system requirements;
Response: More Work
Notes: Will receive the confirmation electronic signatures of the newly onboarded employees from Julie.
10.1 (f) the nature of the nonconformities and any subsequent actions taken, and
Response: More Work
Notes: Getting the access for the east coast audit reports.
10.1 (g) the results of any corrective action.
Response: More Work
Notes: Getting the access for the east coast audit reports.
#1. Hello Mike, I know we talked about this already but just reminding you to meet
with me tomorrow and bring the files from the newly acquired site. We need to add
those to our documentation for ISO 27001 certification.
Assignee: michael.taylor.IT@safetyculture.com
Priority: HIGH
Due Date: 05 Jan 2019 11:00 AM
Audit: Pacific Coast Data Center / Tony Smith / 04 Jan 2019
Linked to item: 5.1 (b) ensuring the integration of the information security
management system requirements into the organization’s
processes;
Status: To Do
#2. Hello Julie, I believe our new employees are onboarding today. Please make
sure that they are aware of our directive to work towards ISO 27001 certification.
Educate them about our company goals per usual.
Assignee: julianne.boulder.hr@safetyculture.com
Priority: MEDIUM
Due Date: 04 Jan 2019 04:00 PM
Audit: Pacific Coast Data Center / Tony Smith / 04 Jan 2019
Linked to item: 5.1 (d) communicating the importance of effective
information security management and of conforming to
the information security management system
requirements;
Status: To Do
#3. Hello Trevor, Please give me the level of access to view the audit reports from
the new east coast data center. Thanks!
Assignee: trevor.nguyen.admin@safetyculture.com
Priority: LOW
Due Date: 07 Jan 2019 05:00 PM
Audit: Pacific Coast Data Center / Tony Smith / 04 Jan 2019
Linked to item: The organization shall retain documented information of
the results of the information security risk treatment.
Status: To Do
The organization shall establish, implement, maintain and continually improve an information security management system, in accordance with the requirements of this International Standard.
Response: Done
Notes: I am glad to say that the very nature of our business compels us to commit to the continued improvement of ISMS.
5.1 (d) communicating the importance of effective information security management and of conforming to the information security management system requirements;
Response: More Work
Notes: Will receive the confirmation electronic signatures of the newly onboarded employees from Julie.
5.1 (e) ensuring that the information security management system achieves its intended outcome(s);
Response: Done
Notes: It's a work in progress but I am confident we are achieving our goals by following our ISMS procedures.
5.1 (f) directing and supporting persons to contribute to the effectiveness of the information security management system;
Response: Done
Notes: Reminded People Team to properly onboard our new employees and get them up-to-date with our goal to get certified.
Will meet with IT Team tomorrow to go
through the files from the new site.
5.2 Policy
6.1.1 General
The organization shall define and apply an information security risk assessment process that:
The organization shall define and apply an information security risk treatment process to:
7.1 Resources
7.2 Competence
7.2 (a) determine the necessary competence of person(s) doing work under its control that affects its information security performance;
Response: Done
Notes: Julie has done a great job getting the right employees for our company.
7.3 Awareness
Persons doing work under the organization’s control shall be aware of:
7.4 Communication
The organization shall determine the need for internal and external communications relevant to the
information security management system including:
7.5.1 General
When creating and updating documented information the organization shall ensure appropriate:
Documented information required by the information security management system and by this
International Standard shall be controlled to ensure:
For the control of documented information, the organization shall address the following activities, as
applicable:
10.1 (f) the nature of the nonconformities and any subsequent actions taken, and
Response: More Work
Notes: Getting the access for the east coast audit reports.
10.1 (g) the results of any corrective action.
Response: More Work
Notes: Getting the access for the east coast audit reports.
Comments/Recommendations: We're well placed as far as working towards getting the
third party certification for ISO 27001 is concerned.
Everybody is working together and iAuditor has made
our jobs simpler. I'll discuss more during our monthly
meeting on Monday.