Guest
Hi Dejan,
Regarding this article:
What's the difference between a Section and an Annex? (Is the Annex just an Appendix?)
ISO 27001 has 114 controls in Annex A - ISO 27002-2022 now has only 93, down from 114 - does/how does this affect the controls in 27001 Annex A - i.e. will they now be 93, not 114?
So will ISO 27001 become ISO 27002?
Also, in reality, how would a small company deal with the following:
A.5.7 Threat Intelligence - gather information and analyse it? (interpret)
Could this be outsourcing to AV/MDR or something else?
I want to know how to convert ISO 27001:2013 SOA to ISO 27001:2022 directly, not from scratch?
Thanks for the Read Controls - are they being implemented too as a new upgrade in industries or sectors where 27K1 is applied from 2022?!
I am working as ISO IEC 27001 Implementation consultant. I need your help in defining the products range which we can use to achieve ISO 27001 requirements and controls.
ISO 27001 can be achieved by very simple tools such as Excel sheets or sophisticated tools with which users are not familiar, especially if we are speaking about medium and enterprise organizations.
What are the tools which we can bind to ISO 27001 clauses and Annex A to give the customer the chance to choose from the different products and solutions to achieve the ISO 27001 certifications.
In regards to the document, I have a few questions that I hoped you could help me answer.
In regards to change control, I noticed that your document only covers high-level changes; however, our needs go deeper as far as controlling the changes in software, virtual machines and any other aspects of our technological and development environments.
Could you assist me in tailoring this template for those needs in compliance with the ISO27001/22301?
I have a Ltd company, with only 1 employee and we deal with physical records storage in a warehouse. One of our clients has asked us to get ISO 27001 certification, but I don’t know if it’s relevant for us as I was under the impression it was more for IT security etc.?
We’ve got some questions about the documents required for ISO 27001:
On which documents do we have to write information like “User, Version, Change History etc.”? In the document “00_Verfahren_zur_Lenkung_von_Dokumenten” it is written that this procedure encompasses all documents and records, stored in any possible form – paper, audio, video – if the documents are related to the ISMS. But which documents does it concern exactly?
Similar question: Which documents have to be included in the master list and which in the incoming mail book?
And then we need to know which information could be confidential. The entire certification process of the ISMS isn’t confidential but completely public for us.
We hope you can help and look forward to hearing from you.
If the business is implementing ISO 27001 and all their servers and assets are on the cloud only, except a few laptops, and the ISMS scope is all services provided by their business in which cloud servers are being used, then my understanding says cloud servers will also be a part of the scope in the assets list for the ISMS audit. The business is assuming cloud servers should not be in the scope as they are not going with ISO 27017 certification, which is focusing on cloud security. My own opinion is that cloud assets would be part of the scope and they should be part of the ISMS audit. Please confirm your opinion.
If the business is going with an ISO 27001 External Audit by a Certification authority, and the Auditor finds on the first day of the Stage 1 audit that all mandatory documents are available with the right information, except that the Internal audit was not performed by the client, so no document related to the Internal Audit Program or Record is available.
My opinion says it is a failed audit with a major non-conformity at the Stage 1 Audit, as the mandatory requirement of an Internal Audit was not performed. Should the Auditor stop the audit after notifying the client? Could you please suggest your opinion on this? Can the auditor suggest that the client undergo ISMS implementation training?
Your response will be highly appreciated.
We need your assistance.
Can you confirm that this CONFLUENCE-based format is acceptable for submission to ISO or do we have to submit in a MS WORD/ODF format as per your slides/ guide?