Guest
Would like to seek your advice as below:
Scope: Provision of IT services of the Data Centre Facilities at DC1 & DC2 to the customers of ***.
Changes: DC1 is going to be migrated to a rented space at DC3 in 2 years' time, with all systems self-managed remotely
To include Security Monitoring Centre in the scope in 2 years time
Questions:
1. Should DC1 be excluded from the scope, and when?
2. How to include systems hosted at DC3 in the Scope and under proper security control?
3. What will be the recommended scope statement due to the changes?
Let us know if any further information is needed.
How can the HLS be used to combine 27001 with other standards?
If 27001 was fully implemented and certified, would you pass a SOC 2 type 2 attestation?
My company asked me to do ISO 27001 to work on SOC 2. Please guide me on which certification I need to do for this, as there are 4 types of ISO 27001.
If a certified ISMS is changed from being compliant with ISO 27001 2013 to being compliant with the new ISO 27001 2022, is it still (in theory) actually going to be compliant with both versions, i.e. also the 2013 version, and suitable for being audited against the old version too? My point is that this could give flexibility for the change process, and it could be started straight away.
1 - Should all documents have a confidentiality level?
2 - Also, in the standard's Annex A there is a table of 'A' numbers, for example A.12.1.3. How do I link these to the clauses in the standard, for example 9 Performance evaluation?
Thank you for the last answers (https://community.advisera.com/topic/risk-treatment-and-rtp/#comment=reply-21525).
I have two topics and questions about them.
I have the new Advisera ISO 27001 2022 Toolkit. I am trying to map additions caused by the new version of the ISO 27001 2022 standard's main part (clauses 4 to 10) from the Toolkit, e.g. 6.3 and 8.1 among others, but cannot seem to find them.
Are the standard's changes of such a nature that they can be deemed already included in the old version of the document templates, or why can I not find them?
Can an ISO 27001 2013 certified company make all the changes required for the new ISO 27001 2022 version and, if compliant, certify against the 2022 version in the middle of the 3-year validity period in one of the surveillance audits?
It is probably required to have an internal audit done against the 2022 version before certification?
We are actually working on the document 'PROCEDURE FOR DOCUMENT AND RECORD CONTROL'.
For ***, I am wondering whether it can be the Conformio Platform or not.
Each external document that is necessary for the planning and operation of the ISMS must be recorded in the *** or in the *** according to their form. The *** and the *** must contain the following information: sender, document name, and date of receipt.
The person who receives such external documents in paper or other physical forms (e.g., through regular mail or as courier parcels) must make a record in the ***. The person who receives external documents in electronic form (e.g., through email) must record them in the ***.
Question: I would like to know if we can use Conformio instead of a CRM (which makes no sense in this case).
Hi Team, can you please let me know how I can create our Code of Conduct? Thanks.
Are there any templates for evidencing annual reviews of supplier security documents?