ISO 27001 & 22301 - Expert Advice Community




  • Online meeting recording

    I am interested in how it is with online meeting recordings. Which point in ISO 27001 covers this topic? We are trying to present our proposal to a potential customer and he would like to record the meeting. In our presentation there will be a lot of sensitive information and know-how. Can we disagree with recording based on ISO 27001, and if not, what do we need to be careful about? I need your answer ASAP... thank you in advance.

  • ROSI - interpreting calculated value

    Hi, I wonder how I should think when I calculate my ROSI value. If I receive a positive value I should invest in that security correction, and if I receive a negative value I should not invest. Have I understood it right?

  • Organisational Resilience and Business Continuity Management

    Can you explain to me what the nature of the relationship is between Organisational Resilience and Business Continuity Management?
    Do you know practical examples of resilient companies?

  • My question on security incident

    Hello Dejan,

    I believe you are the most knowledgeable and good trainer on Information security.

    One question is haunting me and I thought, who would be better than you to answer this question.

    Is scamming a bank account holder over the telephone, successfully or unsuccessfully, considered a security incident by the bank? Is this incident recorded in the bank's incident register?

    If not, why not?

    Do you have any webinar on third party vendor audits? I am interested in this even if it is a paid activity.

  • Isolation of Sensitive Systems

    I would like to request your comment or idea on a point where I am still in doubt about how to check it: "Isolation of Sensitive Systems" - According to identified risks, do sensitive application systems operate in an isolated processing environment?

    I would very much appreciate your kind comment and any ideas.

  • ISO 27001 certification for subsidiary companies

    Hi, we are considering going for ISO 27001 certification but we have a fully owned subsidiary company in the *** (we are *** based).

    1 - Is it possible to certify the two together or is it necessary to seek certification for each one individually?
    2 - Similarly would we need a separate ISMS for each?

  • ISO27001 General Question

    How do external auditing firms (for ISO 27001 certification) view clients who call “Standard Operating Procedures” Policies? We both know there is a clear difference between Policies, Procedures, and Guidelines. However, this firm calls SOPs policies, and in most cases it looks like it.

    What’s your perspective?

  • Identifying the required skills for ISMS

    I am interested in Clause 7 and in identifying the required skills for ISMS. What documents can I refer to for that?

  • ISO 27001 budgeting

    Hi! Could you help me with dividing the budget into CAPEX and OPEX for ISMS (ISO 27001) improvement?

  • Question about assets for threats

    You have made a really neat illustration of the relationship between Assets, Threats, Liabilities and the appropriate Controls, which makes it fairly easy to explain the relevant issues. The Asset in question is a Laptop and I am wondering if you may have any other illustrations, either for download or to buy?

    Looking forward to hearing from you at your earliest convenience.
