ISO 27001 & 22301 - Expert Advice Community




  • Communication Security

    I want to know how to document network controls when we don't have a specific server for our company connecting the computers.
    All our databases are cloud based, so we don't require a server. Can I exclude A.13.1 fully?

  • ISO 9001 + 27001 + 22301 implementation

    1. I would like to implement ISO 9001 + 27001 (+ 27002 + 27031) + 22301 (+ 22313) all at the same time within the same company. I know there is quite a lot of overlap between these standards, but what would you advise we use as a starting point? Should we start with 9001 and add on all of the additional requirements from the other standards? Or start with 27001 ... ? What would you recommend?

    2. Is there some sort of overview available of the overlap and differences between these standards?

  • IT and Risks

    We have the following question, to find out whether we can resolve this.

    On behalf of IT and Risk management.

    1- The entity already has a comprehensive risk analysis manual. How would it be integrated with the information security risk assessment and treatment methodology? Could there be 2 manuals, or could it be integrated into a single one with the section added?

    2- The entity already has an IT risk analysis manual, but it is different from the methodology that you developed. Would IT risks be different from information security risks? Could we have 2 different manuals, or integrate and unify it with the Advisera document?

    Note: The questions are basically about the fact that the technology and comprehensive risk areas already have part of the content in their methodologies, so how would the integration or use of the manuals with Advisera work without affecting the current documentation?

    I work in the security and cybersecurity area and I am the officer in charge, but I do not want to have conflicts with those two areas, which follow methodologies that are not 100% ISO 27001, even though they have some of its elements.

  • BCP templates

    I downloaded the document forms (ISO 27001/ISO 22301 Toolkit demo) and have a question:
    Because I need just a BCP for a manufactory, are the forms suitable for companies in the manufacturing sector?

  • ISO 27001 Maintenance Logs

    Hello, I'm trying to find out if ISO 27001 requires a company to have maintenance logs of all systems or whether this is optional?

  • Integrated systems

    My company, ***, is already ISO 9001 certified. This certification is handled by a group in operations.

    I am in IT and we are looking to implement ISO 27001 (we have purchased your templates). There are some similarities; what documents can I use from 9001 in 27001?

  • How to create item 4 of ISO 27001

    I am implementing ISO 27001 in the company I work for, but the spreadsheet created by the consultancy that serves us is based more on ISO 9001 than on ISO 27001. Is there another way to document this item, or would it be basically like ISO 9001?

  • How to create item 4 of ISO 27001

    I am implementing ISO 27001 at the company where I work, but the spreadsheet created by the consultancy that serves us is based more on ISO 9001 than on ISO 27001. Is there another way to document this item, or would it be basically as in ISO 9001?

  • Requirement for DR site

    I am looking for the requirement for the DR site to be at least 15km away from the main site.

  • Can we change the scope of ISO 27001

    I have a little problem, or a concept that I want to ask about, related to ISO 27001 scope and the ISMS.
    Let's say, for example, a new startup starts, and when they have 20 employees they try to certify themselves, and they get certified, and they certify the whole organization because their CEO thinks that it will help them in the market as well as in information security.
    And when they grow, and when they have about, for example, 3000 employees, they understand that they didn't need to certify every area of the organization with ISO 27001, and they just want to change their scope from the whole organization to only the information about their employees and their customers. So, in the end, are they able to do that or not?
    I know I gave an example that we can't see in real life, but can we do that or not?
    Waiting for your reply.
    Hope you will understand what I want to say :)
