ISO 27001 & 22301 - Expert Advice Community

Home / ISO 27001 & 22301

Discussions

Top Contributors

Expert

Rhand Leal

4151
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 ISO 9001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit Risk Assessment Product: ISO 13485 Documentation Toolkit ISMS register of requirements Internal Audit Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit Product: ISO 27001/Risk Assessment Table ISO 14001 Product: ISO 27001 Internal Auditor Course
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Conducting ISO 27001 to multiple organizations from one platform

    we are an IT company conducting ISO 27k to multiple organizations, can we manage all from 1 platform?

  • Security policies for cloud environment

    As my security and compliance team are preparing annual policy review.

    Can you guide me some security policies for cloud environment, controlled data border  ( PaaS, SaaS … ). For example, in ***, the State Bank requires data must be accessed by the government when necessary (data center in ***...)

  • Question about ISO 27018 certification

    I am trying to determine if ISO 27018 is certifiable same as ISO27001. If not how are companies saying they have a certificate. How does that work?

  • Aligning business strategy to ISMS

    How do you align business strategy to ISMS?

  • ISO certification

    1. What are all the procedures for getting ISO 27001 certification for an organization?
    2. What are all the requirements (i.e., qualification for company, needs for getting ISO certification)?
    3. Where we can apply for that ISO certification?
    4. What is the cost of this ISO certification?
    5. If we applied when it will reach us?
    6. How much the period of time for this ISO certification? Once we got that certification when we renew that or not needed.

  • ISO certification

    Una pregunta.
    Necesitamos certificarnos en seguridad de borrado de datos o destrucción de discos.
    Cual de las ISO nos serviría para revisar los paquetes?

  • 2.4 . 1 /2/3/4 Requirements for logging and monitoring

    How are you keeping? I am busy with the process and as you know when done thoroughly takes a lot of time. At the moment I am busy with the Audit logging process and I am Looking for 12.4 . 1 /2/3/4 Requirements for logging and monitoring

    Can you please help me out here as I cannot find these the toolkit stops at 12.1

  • Mandatory policies

    Hi, I have a question re mandatory policies.

    Do they need to be stand-alone policies? Or can they be combined? For example, combining Risk assessment and risk treatment methodology (clause 6.1.2), Risk treatment plan (clauses 6.1.3 e and 6.2), and Risk assessment report (clause 8.2) policies into one Risk Management policy?

  • Questions on security incident and clause 4

    1. A question came up in our review of Security incident management, we have the following stated in our policy, should we say “must report” or should report?  Is this a legal issue, obviously this policy we would share with our customers and third parties, right? 

    Each employee, supplier or other third party who is in contact with information and/or systems of Levi, Ray & Shoup, Inc. or their customers must report any system weakness, incident or event which could lead to a possible incident.

    2. It looks like clause 4 is missing from the packet of templates you sent, there is no 04 documents, this is strange. Our external auditors are referencing clause 4 in a finding but I really don’t see anything in the iso document itself on this.

    https://i.imgur.com/00iUhU9.png
Page 155 of 544 pages