ISO 27001 & 22301 - Expert Advice Community


  • Model of safety dashboard

    In fact, I am looking for a model of a safety dashboard; don't you have a kit for the implementation of the dashboard with performance indicators?

  • Mandatory Documents

    Hi, a question about mandatory documents please. Mandatory documents based on the main body of the standard's clauses as well as Annex A are listed on https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/ The documents relating to the main clauses are fine. But... if you only accept a control because there's a risk identified that makes it applicable to the business, doesn't that mean that one or more of the mandatory documents from Annex A won't get created? Or is it that the controls where mandatory documents are included are expected to be adopted by everyone (i.e. there will be risks that require those controls)?

  • Approaches to meet ISO 27001 requirements

    What is the best approach for a five-person, 25-person, and a 100-person organization to proceed to meet the requirements and become mature in the processes of the ISMS?

  • Risk assessment question

    I do have a follow up question. You explained if a risk assessment requires better security from a provider or vendor, we can influence that vendor or choose a better one.

    But if that vendor was left outside of the scope, would they still be part of the risk assessment? Would it still come up?

    My concern would be that if we depend on a vendor to provide a secure service, but it's not in our control so we leave it out of our scope, how would we consider and manage it? Sounds like a loophole.

    I suppose we shouldn't want to leave a vital process outside of our control to begin with, but am still wondering if there could be a loophole there... I get why a scope has to be chosen early, but if the risk assessment comes after the scope, it just seems to me that a vital asset or vulnerability could be left out of consideration. Which would mean a different risk management framework would be needed apart from ISO 27001?

    I might be going down the rabbit hole here. I really appreciated the webinar and guidance so far! It has helped me out a lot so far.

  • Ratio of successful cyber attacks on organisations who are ISO 27001 certified

    Are there statistics available that indicate the ratio of successful cyber attacks on organisations that are ISO 27001 certified against those that are not ISO 27001 certified?

  • Appendix 3 of Risk Assessment

    I hope you have time to just fill in the blanks here. We did a risk assessment specific to mobile devices; we were 4 people from different departments initiating this workshop to identify the risks for mobile devices.

    I get the feeling the assessment report is made for all of the assessments we are doing or like in our case we do it on several type of areas, like mobile devices.

    We identified four risks. We had 1 with the value 3, but we still accepted that risk and no other change was made in Appendix 2; in other words, we did not lower the risk value in this case.

    And to complete this risk we need to document this in 3 different files, Appendix 1, 2 and 3 (final report).

    Can you help me figure out this last part?

  • ISO 27001 conformity

    Can you inform us whether authorities like third-party approval authorities, market surveillance authorities and technical services are required to show conformity to ISO 27001?

  • Risk Assessment - change

    Hi dear Team,

    As we made the Risk Assessment initially, a couple of months ago, we had some servers in one of the locations which had high risk levels. Now we've moved them to the cloud and don't have those risks anymore. Should we now perform the Risk Assessment again? If yes, should the previous version be saved as well?

    Thank you!

  • ISO 27001 course and materials related to 2017 revision

    Hello, I want to do the ISO 27001 course, but I see that the one taught is not the current one for 2017. Do you think that you will update it in a short time? The (2013) standard is certainly in force, but it would be nice if you indicated the variations with the 2017 standard in the course. Thanks again.

  • GDPR compliance

    How much time is required if you are a startup company with no governance structure to achieve GDPR compliance?