ISO 27001 & 22301 - Expert Advice Community


  • Risk assessment question

    1. Please correct me if my process is wrong. I have identified one risk title and risk level (High) after doing a risk assessment on one application; then this risk is treated by risk acceptance by the risk owner for the period of the acceptance time. Thus I keep the risk level after this treatment at the same level (High) and the status closed for the period of acceptance time, and it will be opened again after the period of acceptance time is over.

    2. Could the risk level of the same risk title be different after doing a risk assessment on different applications?
    I appreciate your kind comments and support.

  • Service as a Scope?

    Hello, 

    In the Scope Webinar it is said that software cannot be a scope, but a department can be.

    And what about a service? In our case, it is software support service, which we offer to our clients. Can it be the scope?

    Or in that case we have to formulate the scope as a department who performs the software support service?

    Thank you!

  • ISMS documents

    Which formats should I use to comply with the clauses and controls of ISO27001? (For example, the record of the ISMS scope, or a SWOT analysis, to know where the company is heading, determine its objectives and align them with the ISMS.)

  • Risk treatment options

    Do we need to specify the treatment control for transferring risk to a third party?

  • ISO 27701

    Hope all is well and you are staying safe. I have a question for you and would appreciate your assessment of ISO/IEC 27701.

    According to my understanding, it is based on the research Personal Information Management system (PIMS). I was planning to do the certification.

    I need your thoughts/views on 27701.

  • Who should be the asset owner

    We have purchased your ISO27001. We are at the point of creating the Risk Assessment Table. We have also watched the video for this area. The 2 questions we are divided on are:

    1. A user of a laptop or computer: do the assets need to be listed separately with the individual user?

    2. If yes, then would every user need to be presented as a group or individually to offer feedback on the risks that they feel apply individually to them for that asset? Correct? We would be interested in any feedback. Thanks

  • Change management process

    I just want to know whether, without a change management process in the IT helpdesk, it is possible to get ISO 27001.

  • ISO 22301 certification process

    Can the organization be certified to ISO 22301 partially? For example: only certified in the head office, or only certified in a certain service, or in a certain department (business units). What do you propose on the scoping for the first ISO 22301 certification process?

  • ISO 27001 and SOC1

    Is there any connection between ISO27001 and SOC1?

  • Scoping for ISO 27001

    I want to ask about scoping for the ISO 27001 standard. I want to know whether we can take the "production network" as the scope for certification, rather than the entire network of our company.