Guest
We are planning to implement ISO 27001 requirements in one of the BUs in the organization. However, before we start, we have heard that it requires a BU / organization to be operational for 1 year before applying for the certification. We are relatively a new BU and have a plan to complete the implementation and apply for certification before 1 year of operations.
Can you please guide me, if this is valid - If we don't complete one year of operations, we are not eligible to apply for the certification?
I am interested in the Secure System Engineering Principles and what level of documentation is required?
How can I align the ISMS risk assessment with other units of my organization, so that it is done jointly, for example with finance, processes, etc.? Could there be risks in common?
We have developed IS policies and procedures recently and, as per our company rules, procedures shall be approved by the CEO and policies by the BOD. The management said that the information security policies shouldn't be a policy; you should name it a procedure,
and now I need evidence from ISO 27001 saying that we must have a policy.
I was just wondering about the “Corrective Action Form”, as the Incident Log makes reference to it. There is a column for “Reference to the Corrective Action Form”, and the comment reads “Number of Corrective Action Form - the idea is to improve the system based on each incident in line with the Procedure for Corrective Action.”
If we were to buy the Corrective Action Form, how would we fill in this column? With for example, “action points:…” or with a number?
1 - Am I right to say or think that we measure the success of Information Security by defining Key Performance Indicators (KPIs) for each Information Security Program?
2 - If so, how does one measure the success of the Information Security program according to ISO 27001?
3 - Again, what specific KPI examples can you mention to me?
I purchased the cryptography usage policy; however, I found it very simple. Could you please point me to additional material on the subject?
1 - I would like to know more about the controls. Are there any categories for controls?
2 - Important controls / not so important controls?
How would a business abide by ISO 27001 when using a BYOD policy?