ISO 27001 & 22301 - Expert Advice Community

  • GDPR Certification Exam

    Thank you for your continued support and advice; it is greatly appreciated. 1 - It is my intention to write the GDPR Certification Exam at the end of this month. I trust that this will create the environment that will enable me to write both the ISO 27001 Lead Implementer and Lead Auditor exams. 2 - I would really appreciate any communications regarding progress on the creation of Advisers POPIA content and an opportunity to present the same to a number of corporate and government clients in our portfolio. Please be assured of my commitment to broadening my ISO certifications based upon the Advisers offerings.
  • ISO 27001 - Capacity SaaS

    Hello - I have purchased the ISO27001 Toolkit and the auditor asked about capacity planning reporting for SaaS like Microsoft 365 apps (DevOps/SharePoint). In short - how do you address capacity planning in SaaS which is out of your control? He points to CPU and utilisation, but even though I explained this, he says that I should still have oversight and be able to check the capacity of the services provided. I am not sure if I could or should or would be allowed to exclude the hardware of the SaaS provider from my scope? I hope you can advise.
  • Information/data retention and destruction policy

    I currently need to create information retention and destruction policy and was hoping you might have a template and/or examples we could use. We purchased your ISO27001 documentation package a couple of years ago and have implemented (but not certified) using those docs. I went through the ones we didn’t use and the only one that appeared to be possibly appropriate was A.11.2. Any guidance would be appreciated.
  • Method or methodology to implement ISO 27001 requirements

    As I understand, ISO 27001 is a standard, a set of requirements to be met by a company to be compliant with. But ISO does not provide a method or a methodology to implement the requirements. Is that true? If yes, could you please name a widely accepted method or methodology to do so.
  • Document 14.1

    Can you explain how document 14.1 should be filled out? I understand that there's some relationship to the risks listed in document 5.1, but I'm not sure which assets are required to be listed in document 14.1. To be more specific, we're running a SaaS company with at least these three types of information systems:
    • Software used in internal development.
    • The software that we develop. Note that the version of this software changes as we're developing it.
    • The software that runs in the production environment.
    I'm not sure which ones of these should be listed in 14.1.
  • Security and Privacy

    My question was regarding this: what is the difference between 27001 and our 'Security and Privacy' protection for patients' data? I am trying to understand if we get the ISO 27001 certificate, do we still need to obtain separate privacy and security protection or not?
  • Risk Assessments for Early Start up

    I am putting together our first Risk Assessment. As a small start-up (10 people) with limited assets, I was hoping to put together a simple Risk Assessment with more generic items. I took these lists from different NIST standards. Do you believe this would create a compliant risk assessment?
    • Asset List: Person, Organization, System, Software, Database, Network, Service, Data, Computing Device, Circuit, Website
    • Threat Options: Adversarial, Accidental, Structural, Environmental
    • Vulnerability Options: Information-Related, Technical – Architectural, Technical – Functional, Operational/Environmental
    Basically, are these categories too broad to be used in a compliant risk assessment?
  • Defining scope of application and scope for ISMS

    How do I best define the scope of application and scope for the ISMS? Our web application processes data from ERP systems and documents that are exchanged via them.
  • BC Strategy

    Hi, I am implementing the ISO 22301:2019 standard in my organization. I have different departments in scope and currently I am drafting and designing the BC Strategy document for all these departments. I have some queries, which are as below. With regards to the BC strategy solutions like people, facilities, data, human resources, transportation, finance and 3rd parties: as I need to consider all these solutions and options, and I am implementing it in one organization which has the same
    • Alternate working location
    • Transportation channel to alternate location
    • HR dept. to provide the people for work
    • Finance dept. to reimburse any expenses
    • IT DR location and IT applications which are managed and backed up by a single IT dept.
    Based on the above options, I assume that all departments will have more or less the same strategy with respect to the above solutions. Please correct me if I am wrong. The only option in which they will differ is the suppliers, which can be handled differently by different departments. Please advise me on the above.
  • Audit report

    Say you completed an audit and submitted the audit report to top management for review. Now that management has read the report, they disagree with some of the findings. What is the best or common practice to address such feedback in relation to a report that has already been finalized?