ISO 27001 & 22301 - Expert Advice Community

  • How safe is a certified company with ISO 27001 and ISO 27701?

  • Concern points 4 and 5 of document procedure for document and record

    Good morning, these items refer to the registration of incoming mail; for me, the purpose of these processes is not very clear. I would like to understand a little more about the subject. Thanks.

  • Best practice approaches related to the Asset Inventory

    One question, could you please recommend any best practice approaches related to the Asset Inventory when it comes to SaaS accounts we have (shall those be listed in there or not, as we do not actually own the asset/account)?

  • Difference between controls

    What I do not understand is the difference between controls to be assigned based on risk assessment (and risk treatment) and controls to be implemented based on Information security policy.

  • ISO for reputation management

    I'm revisiting the question if an ISO exists for reputation management (not to be confused with consumer feedback online review management) please?

  • Comprehensive Information Security Implementation

    What impact do the other 27000XX Standards have on a comprehensive Information Security Implementation for example 27701?

  • External Documents and the acceptable handling thereof

    Thank you for your reply and your colleague's comments.

    I am still unsure about the external Documents and the acceptable handling thereof.

    External Documents: 

    Our Servicedesk registers documents within its tracking system.

    Do I need to keep an explicit record or may I argue that I can request any registered document from our Servicedesk? 

    I require advice on which external documents are required for the ISMS. Your colleague wrote:

    “Examples of external documents are laws and regulations you need to comply with, documentation sent by your customers or suppliers, etc.

    The identification of such documents can be made during identification of ISMS requirements and risk assessment.” 

    The only external documents that we identified as pertaining to our ISMS might be the auditors' reports and certificates.

    Which “identification of ISMS requirements and risk assessment” is your colleague referring to?

    I leave my questions at that,

    I am looking forward to some clarification and will continue from that.
