ISO 27001 & 22301 - Expert Advice Community


  • Roles and Responsibilities

    Is it an obligation to define roles and responsibilities for IT in a company with different areas or departments? And must those roles be included in the organizational chart?

  • ISO 27001 for medium-sized companies

    Isn't ISO 27001 a bit oversized for medium-sized companies with a company size of approx. 270 employees, especially if you are not in system-critical industries?

  • Required reference documents for EU GDPR & ISO 27001 Integrated Documentation Toolkit

    So the EU GDPR & ISO 27001 Integrated Documentation Toolkit does not include Annex A for ISO 27001. Do you have a product, book or set of items that we could buy that has the required documents so we could do the "Integrated Documentation Toolkit"? Some sort of additional product add-on?

  • Annex A controls to be applied while mitigating GDPR related risks

    We are ISO 27001 compliant and we have the GDPR controls in place as well. Last time we had an external audit, the auditor had suggested that while we mentioned the GDPR related risk in the ISMS risk assessment sheet the control numbers listed were not mapped correctly. Can you advise which of the Annex A controls are to be applied while we try to mitigate GDPR related risks? Also, do we have any other Annex for GDPR related risks controls?

  • Is ISO 27001 applicable to community non-profit with regards to ensuring continuity?

    Would this standard be applicable to a community non profit with regards to ensuring continuity?

  • Intermediary device security

    I am new to the ISO 27000 series, and I would like to know where I will be able to find intermediary device security requirements in order to adhere to the ISO standards.

  • Including WFH or teleworking in audit plan

    Problem statement: an external auditor company did not include WFH or teleworking in their audit plan, but the company had already implemented an "ad hoc" WFH during this pandemic without consultation with employees and without government regulatory approval.

    1 - Can the external auditor still consider this compliant, and can an ISO/IEC 27001 certification be awarded to the company?

    2 - Is there such a thing as partial certification?

  • Details about Documents Assets

    I need details on document assets. Do we consider the employee information spreadsheet also an information asset? Or are only the agreements, contracts, etc. considered assets? Please clarify.

  • ISO documentation

    When the organisation is certified with ISO 9001 and 27001 and has all the required policies in place, now that we are in a pandemic, what documentation changes do we need to make in order to accommodate changes like work from home, health and safety, etc.?