ISO 27001 & 22301 - Expert Advice Community


  • Business continuity terms

    Is MTPD equivalent to MTD or MAO as per ISO 22301? Where can we find MTPD terminology?

  • Mandatory and non-mandatory documents

    Your website (https://info.advisera.com/27001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-27001) indicates MANDATORY Documents and NON mandatory Documents. Yet you say for the NON MANDATORY - "However, I find these non-mandatory documents to be most commonly used:"

    1 - So what are the documents needed to pass, and what documents are not, and still pass the ISO 27001 cert?

    2 - Are you saying the list you show in the list are the items we don't need?

  • ISO 27001 Lead Implementer - need to maintain certification

    Hi,


    As per the subject - if I were to sit and successfully pass the ISO 27001 Lead Implementer Exam, does this certification expire or need renewing after a period of time?

    Thanks
    Lee

  • BIA or RA

    Thank you Dejan for addressing my question during this webinar.

    My confusion is which one comes first, BIA or RA. Also, how can the results of the RA be used in the BIA?

  • Inventory of assets & risk methodology

    1. How detailed and far does the inventory of assets need to be? (Do we need to list each laptop and cell phone, for example?)

    2. When a risk assessment is performed, does the risk owner have to do a risk assessment on all the assets every year or the assets that are deemed to be threats or vulnerable?

    3. Why is the inventory of assets not listed under the reference document as well as 3.1.2 in the Risk assessment and risk treatment Methodology document?

  • CISO and document management

    Two questions arose regarding the documentation toolkit for ISO 27001:

    1. Is it okay if a Chief Information Security Officer (CISO) also releases documents (instead of the CEO)?
    2. Can we omit the chapter "Managing records kept on the basis of this document" for the document "00_Procedure_for_Document_and_Record_Control"?

    Thank you in advance!

  • Stage 1 and stage 2 in internal audit

    Hi, I would like to know more about stage 1 and stage 2 in the internal audit. It will be great if the expert sends me an email about stage 1 and its contents and stage 2 as well, for the ISO 27001:2013 internal audit.

  • Corporate Branding policy

    Hi! We are considering strengthening our control for our corporate logo by creating a Corporate Branding policy. However, I am not sure what control objective of the ISO 27001 will be most applicable for this. Can you help me? Thanks.

  • Controls from section A.18

    6 - In the Demonstration Kit, in the ANNEX A folder, we did not find any demonstration documents that deal with item A.18, is this item disseminated in other documents?
