Guest
Last week, I bought "(eBook) Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own".
Is there a supplementary document to describe the impact that ISO 27001:2022 has on the ebook?
I'm finalizing the procedure for document control and am a little bit confused about the section regarding external correspondence. It suggests we need a register to document external correspondence, but what does this entail? We currently don't have a process for this.
Is the expectation that any document we receive externally (via email or physically) needs to be documented? If not, what examples of documents would we need to take note of?
Hi Dejan! I've been watching your videos on Advisera and planning to take the exam. I was wondering: under the Annual Audit Programme, you said that companies can define their audit criteria? I was wondering, from an external audit perspective, wouldn't the audit compulsorily look at the standard, internal policies and procedures, legislation requirements and interested parties' requirements?
Is there room to say the audit criteria can be scoped to just the standard and not the internal policies etc?
We are an energy utility company and are seeking to implement ISO 27001:2022 throughout our business units. We also came across ISO 27019:2020, and there are some additional controls specifically for energy utility companies. Do we need to add these controls to our SoA? If so, how will we insert them? Thank you!
Can you please tell me how we can treat a risk in the risk register with our own security control (not one of the controls of Annex A)?
Hello, I have a question regarding Annex A controls. We are going for certification in autumn 2023. Can we use the new set of controls for our SoA, even if there is still no accredited certification body for the 2022 version?