ISO 27001 & 22301 - Expert Advice Community


  • MANAGING RECORDS KEPT ON THE BASIS OF THIS DOCUMENT

    A number of your documents have a section called 'MANAGING RECORDS KEPT ON THE BASIS OF THIS DOCUMENT'. Is this absolutely necessary, or can we delete this section?

  • Incident Management - Capturing the incident

    If we have a help desk system that we use to capture users' issues reported to the Help Desk, is this considered Incident Management?

    Can this supersede the need for an actual Incident Management Form?

    The standard says this is mandatory, but wouldn't this duplicate what is being done in the help desk ticketing system?

    Or does ISO 27001 have a different definition of "incident" from an incident in a help desk management system?

    Please assist, thanks.

  • 2-factor authentication for Virtual Private Network

    Is it a specified requirement in ISO27001 to have 2FA for a Virtual Private Network connection?

  • Signatures in documents

    I wanted to know if we need to get management signatures for each and every process of ISO 27k and 20k, or whether we can get a single signature on an index page listing all processes with the final version number as signed.
    Note: in case management is not willing to sign multiple pages.

  • ISMS scope document

    1. What is to be included in the scoping document beyond simply stating the locations that are 'in scope for the ISMS'?

    2. And when does this document need to be created - before the Project Plan is signed off?

  • Is the book still compliant with the latest amendment of ISO 22301?

    Thanks for the mail and the explanation. I appreciate your effort in compiling such a comprehensive book and later following up on its effectiveness through the email communication below. I wonder whether your book still stands compliant with the latest amendment of ISO 22301, which was made in 2019. Please advise. If there have been any changes due to the latest update, I would really appreciate it if you could share your insight on those changes so that we can pursue the changes accordingly.

    FYI, I'm heading the Internal Audit function in a group of companies in ***. Last month, we delivered 3 days of training to the senior management in one of the companies on BCMS and have agreed with them to act as a consultant for them in preparing, developing, training and implementing BCMS in their company. This would lead them in aligning and making them prepared for an ISO audit at a later date. Accordingly, your advice on the aforesaid matter would be highly appreciated.

  • Statement of Applicability

    We are going to have our external surveillance audit soon and we have one control in the SOA that is still "in progress". What are the implications of this?

  • Scope of ISMS

    Here is how I scoped my ISMS:

    "The management of information security as it relates to Product Management, Engineering, Development, Software, Vendor Management, and Customer applications and data."

    The feedback from our auditor (during a pre-assessment) is that "The boundaries of the information security management system in terms of facilities/locations and personnel might be clarified. The determination of the boundaries within the scope is used to identify the interface of the system with other organizations, and where activities of the system are under *** full control and what security controls are addressed through other methods (agreements, supply management …) with other organizations."

    Would he be looking for geographic limitations, such as in the U.S., or cloud assets, globally, etc.? I'm not entirely sure what is missing in my scope.

    Any guidance/suggestions would be appreciated.

  • Understanding the organization and its context

    1. Can you provide any guidance or clarity on addressing Clause 4.1 of ISO 27001: "determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system"?

    2. Also, where is this typically documented?

  • Organizational Chart

    We purchased your ISO 27001 toolkit and have a quick question.

    In the ISMS Scope Document (and any other applicable document), is it acceptable to reference an Organizational Chart for the employees in the Organizational Unit and not include the actual names, or do I need to keep the Scope document (and any other applicable document) updated as employees come and go within the organization?