ISO 27001 & 22301 - Expert Advice Community

Home / ISO 27001 & 22301

Discussions

Top Contributors

Expert

Rhand Leal

4151
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit ISO 9001 Risk Assessment Product: ISO 13485 Documentation Toolkit ISMS Internal Audit register of requirements Product: ISO 27001/Risk Assessment Table Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit AS9100 Product: EU GDPR Documentation Toolkit
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Conformio expert questions

    1. In the Project Plan document under section 3.4.3. the document is referencing a project team, however later on the title of the table is "Participants in the project". There is an inconsistency in the understanding of who are the members of the project team as there can be more participants in the project than the team members, especially if it is a larger company. Can you please clarify this section for me in this document?

    2. We are a very small company and we do not have Head of IT department, but only the Senior IT technician and two IT support guys. In Conformio I can only define one IT support job title for one of the guys, but I cannot give the same job title to the second IT support person even though both of them have the same job title in our company. Can you explain why this is so?

    3. We want to declare all printed documents as unreliable and therefore uncontrolled, but we were not able to find a way to do that in the Procedure for document and record control. Can you advise how we can add this statement in this document or where we can add this statement?

  • Risk Register Team work question

    I have one more question, I am preparing a review of mandatory documents for our ISO certification and I am using Advisera checklist to make sure we comply. 

    I have noticed that the checklist is slightly different to the steps I'm working on in Conformio. Would you please be so kind and let me know, where can I find documents marked in red in the screenshot below? Thank you in advance!

    Documents I can prepare in Conformio: https://i.imgur.com/dddfECG.png

    Documents listed as mandatory, red dots highlight the ones I am unsure where to find them.
    https://i.imgur.com/lgFtGY1.png

  • ISO 27001 A.8. 1.1 Asset Inventory

    Please in building an asset record for IT assets like servers and network devices, what is acceptable as a unique identifier to uniquely identify assets in a manner that cannot be easily manipulated. Thanks

  • Mandatory docs

    *** are getting ready for their internal audit, and they are asking about some mandatory documents, which I also can’t find on the platform. Please advise how we can generate the following ones: Definition of security roles and responsibilities (clauses A.7.1.2 and A.13.2.4) Acceptable use of assets (clause A.8.1.3) Secure system engineering principles (clause A.14.2.5) Business continuity procedures (clause A.17.1.2) Logs of user activities, exceptions, and security events (clauses A.12.4.1 and A.12.4.3)

  • Using ISO 9001 policies for ISO 27001

    We are now in the process of implementing the ISO 9001 standard in our company and we have already developed some policies that are also necessary for implementing ISO 27001 like Access Control Policy, Information Security Policy etc. Once we get certified in ISO 9001 and start with ISO 27001, can we use the same policies that we already developed, or do we need to write?

  • Records of training, skills, experience and qualifications

    I have a question regarding the below mandatory requirement: Records of training, skills, experience and qualifications (clause 7.2) Is it for every staff at the company to list the qualifications or is it only for those that are involved in implementing ISO27001 Project?

  • List of legal, regulatory, contractual requirements

    Estimados, buenas tardes.   Su ayuda con la siguiente consulta que tengo: Dentro de los requisitos contractuales que se deben detallar en el documento 02.1_Apendice 1.  tenemos internamente un "Acuerdo de Confidencialidad" en el cual se indican varios puntos importantes (requisitos), pero no se encuentran enumerados o separados, en este caso, ¿debo colocar todos estos requisitos de forma separada en el 02.1 Apéndice 1, quedando de la siguiente forma: ? https://i.imgur.com/ojDKalv.png ¿O cuál sería la forma correcta de indicar todos estos requisitos en el documento?

  • Conformio expert question

    1. How to handle legal and contractual requirements and what clauses require this in the standard? 2. Is it required that the person who is doing the Audit needs to have training in Internal Auditing and ISO 27001?

  • ISO 27001 expert question

    Would you be able to advise what I should be looking for when I want to get a cloud based CMMS system? Do I need a system that has ISO 9001 or ISO 27001 certification?
Page 53 of 544 pages