QUESTION
(In this question, you will need to use the ISO 27001:2005 and ISO 27002:2005 standards)
For each of the situations below, comment on the following:
1. Mention the most relevant clause of ISO 27001:2005
2. Whether the practice followed in the organization is appropriate and implemented as per the requirement of the relevant control of ISO 27001
3. If not, indicate the deviation.
Situation A
An organization wants to dispose of its old PCs and get new ones in exchange. What steps should it take to meet the requirements of ISO 27001:2005?
Situation B
An organisation which is ISO 27001 certified has a back-up policy which calls for sending a copy of its latest back-up media by courier on a weekly basis for storage offsite. What requirements must the organisation meet to be compliant with ISO 27001?