ISO 27001 & 22301 - Expert Advice Community

  • ISO 27001 implementation and certification

    I work as a freelancer. A company has asked me to implement and manage its network in such a way that the most important asset is the information, and they tell me that ISO applies. My question is whether applying the standard is the same as certifying. If I apply the standard but do not certify, I'm not sure what happens. I need to understand the subject.
  • Risk assessment

    I am working on my risk register now and I have identified 100 threats. How many usually are identified?
  • Risks and opportunities

    In the organization in which we work, we have implemented and certified the Information Security System according to ISO 27001:2013, as well as Quality in accordance with ISO 9001:2015. It turns out that one of the observations generated in the audits is that we must implement, justify and better evidence the Opportunities in what corresponds to requirement 6.1.1 Actions to address risks and opportunities.
  • Various questions regarding toolkit

    1. Let us say that the laptops and/or servers (or let us say in general asset types) have the same purpose, would we have to multiply each risk by 3 just because there are different Asset Owners?
  • 27001 training

    I'm interested in getting my ISO 27k1 training and cert. However, there is a huge discrepancy between training vendors. I'm new in Switzerland (originally from Canada), and find it extremely expensive here compared to similar programs in the EU. Also, the courses seem to differ slightly. Some offer intro for 900€-1200€ and others are 2000€+ for what seems to be the same. In Switzerland it's 3500chf+ just for the intro. Are there preferred study methods and certification routes?
  • Handling residual risks

    What are the ways to control the residual risks?
  • Template content - Policy for mobile devices and teleworking

    I have another question about the policy for mobile devices and teleworking. Where exactly is my question: Area Teleworking, Comment: "In smaller companies this doesn't need to be documented. It should be sufficient to identify existing rules." What does "identifying of existing rules" mean? Does it mean to create another document (in addition to the policy) which describes the teleworking rules that the company defines?
  • Template content - Teleworking

    I have another question about the policy for mobile devices and telework. My question is about telework.