Mango is cloud software for managing compliance standards like Quality, Health & Safety and Environmental Management (QHSE). It will get more of your employees involved and participating in your management systems.
Over 1000 companies love how Mango enables them to meet all their compliance obligations with ease.
Today, Mango Limited has resellers in Australia, New Zealand, South Africa, UK and the USA. There is a solid base of customers across a range of industries, including manufacturing, local government, tourism, shipping, agriculture, building and construction, and more.
Mango is also used if you are seeking certification to ISO 9001 (quality), ISO 14001 (environmental), ISO 45001 (health and safety), ISO 22000 (food safety), ISO 27001 (information security) and ISO 22301 (business continuity).
Fantastic breakdown - the only thing I am still struggling with is the difference between Gap analysis and Risk assessment in ISo27001. I do know what they are theoretically . However, I watched another video that cited their own steps as - Senior management buyin, purchase Iso standard , carry out risk assessment, complete SOA and scope, Gap Analysis, which is the internal Audit , findings , senior management, Attestation , certification. And what ISo version is yours ? 2023? Cos I know the2013 version has 114 controls
I was a procurement officer at the company I worked for for 4 years, they then made me an Internal Auditor, I have a bachelor's degree in agriculture. Do you think someone like me without a degree in accounting can become a successful Internal Auditor?
Hello...thanks for your video. I am interested in learning how to implement ISO. Where can I take a course to be educated on ISO 27000? Perhaps an online course. Thx
Hi I was trying to download The Ultimate Guide to Achieving ISO 9001:2015 Certification from your blog, but looks like you have a lot of broken links on the blogs.
One query, 7.0 support should come under “Plan” or under “Do”? Because support is an action after planning. I may be wrong but would love to hear different opinions on this pls.
Out of interest, how would you apply the model of Asset Register --> Classification Register --> Risk Register to a monitor? As you mention prior to discussing this how you even included computer monitors, how do you quantify the output of a monitor to determine the classification? For some of these was there a default which meant there was no further work necessary?
Good question Paul. The inclusion of monitors was seen as a catch all for all IT items. So we included them purely to ensure we didn't miss anything. The output was nil so therefore very low on the classification. Thus no further work necessary other than being labelled and tracked. Cheers Craig
@@Mangolive Thank you for the reply! Could I ask one further question, to what level would you record threats? Would you go as far as wiretapping\eavesdropping of an internal network, and would you include threats such as denial of service, denial of wallet etc? Or.. would you be more specific and include the actual threat, so for example if it were a denial of service it might be caused by Malware X. To what level of detail would we be expected to go? Also, under the treatment of controls where you are performing the threat assessment, is there a name for that model? The models I have seen so far use a scoring matrix and put threats in categories based on values assigned to each and then they calculate the average. Is there a name for the method you have used? And how does the classification register relate to the information security register? I understand the values of secret, public etc, but on the following slide that value is not attributed to any of the items, but there is instead a "Risk Level", how would I get from the classification of secret to a Risk Level of high for example? A lot of questions I know but I have to undertake an assessment as part of my Msc (for a fictitious company) and I need to say which threat assessment model I have used and justify why.
0:00 Start 1:37 *PLAN* 2:13 1. Select the problem/process to be addressed 5:54 2. Describe the current process 7:34 3. Describe possible causes and agree on root cause 11:36 4. Develop a solution and action plan 15:37 *DO* 15:59 5. Implement the solution 16:28 *CHECK* 16:34 6. Review and evaluate results 19:40 *ACT* 19:41 7. Learnings 21:16 Summing up PDCA
sorry to be offtopic but does someone know of a trick to get back into an instagram account? I stupidly lost my password. I would love any help you can offer me
@Arlo Blaze Thanks for your reply. I found the site on google and I'm in the hacking process now. I see it takes a while so I will reply here later when my account password hopefully is recovered.
