ISO 27001 & 22301 - Expert Advice Community


  • Scope definition

    In the scope definition I write only what the company does and where it does it (address), don't you need to write the processes involved in the scope?

  • Scope definition

    In the scope definition I write only what the company does and where it does it (address); is it not necessary to write the processes involved in the scope?

  • ISO 27001 and Job description

    Just wanted to know if ISO 27001 requires Job description to be signed off

  • ISO 27001 certifying firm

    I need an ISO 27001 certifying firm. Can you help me get one?

  • Contradiction in reading material

    I'm finding a contradiction. In the article Practical use of corrective actions for ISO 27001 and ISO 22301, it says under Required Documents that a procedure must be documented. But further down, it says that it is not mandatory. Which is it?

  • ISO 27001 Certification

    I have a question on the ISO 27001 certification, which you might help with. 1. What is the frequency of auditing of the certification after an organization is certified? 2. Is there a difference in the depth of auditing of controls between the initial certification audit and the successive audits?

  • Incident Response Plan Policy

    I'm in the process of writing an Incident Response Plan Policy. Our company purchased the 27001 Documentation Toolkit and I only saw the IRP Procedure. Do you have an IRP Policy somewhere in this toolkit that I can't find, or do I have to purchase this separately?

  • Documents development

    All the documents have some "Reference documents". Is it preferred to have all the reference documents written before approving the document referring to them?

    For example, if we have document 1, which has references to 2, 3, and 4, do we approve all of them simultaneously, or can we approve 1 even if we haven't written 2, 3, or 4?

    I'd say we can approve them separately because the references would cover the entire project in the end, and then we would have to have all of the documents ready before approving any.
    But what do you think is the preferred way?

  • Question about ISMS

    We have bought the toolkit (German version) and I have one question:

    Which parts and elements are needed within the documentation and description of interfaces and dependencies from "outside" services in connection with the scope of the ISMS? We have identified several interfaces to parties which are not directly included in the scope of the ISMS. For example:

    • Suppliers
    • HR
    • External software developing companies
    • Legal department
    • Data from external component manufacturers needed for our product in the scope

    So what is needed to describe these interfaces?

  • ISO 27001 Implementation

    Greetings. I am an entrepreneur trading as a business consulting and innovative solutions provider entity, with expansion to a business incubator/accelerator in mind in another 16 months. How realistic is ISO 27001 implementation in my case at this stage, as I am not a company but a sole trader? Thank you.