Guest
We had purchased Advisera’s ISO 27001/22301 documentation toolkit. With regard to the risk assessment and treatment score, our consultant wants to adopt a different matrix for preparing the risk register since he has not come across the scoring methodology you have suggested in the attached document.
Could you please confirm that the scoring method you have given us (for the likelihood, severity and risk scores) is an accepted method by certification bodies since we do not want to face problems with our certification body?
What guidance can be offered for implementing a change management procedure that takes into account a technology company that is continuously changing? We are implementing a CI/CD (continuous integration and continuous deployment) pipeline and are unsure about the best way to handle change for both software and cloud infrastructure to meet ISO 27001 requirements. Any sample policies or guidance in this area would be very helpful.
Is it anywhere in the ISO 27001 standard explicitly defined/written that the HR department should define access rights based on the valid work positions in the company? If it is, please tell me in which clause of the standard.
Or if it is NOT, then who should define who should perform this task during the implementation of ISO 27001 in a company? The management board? Can this task be assigned to the IT department in coordination with the HR department?
My organization now has ISO 9001 but wants to implement ISO 27001. What would the integration look like, or do you need to have a separate quality manual?
What's the difference between ISO 27018:2014 and ISO 27018:2019?
Hello, I'm legal counsel at an IT company. We are going to implement ISO 27001. I have found the checklist and toolkit for 27001:2013. But I know that there is a newer version - 27001:2018. My question is: if we prepare all the documents and standards according to the requirements of the 2013 version, shall we be able to pass the certification? Thanks.
1. I am currently in the process of trying to get our company ISO 27001 certified. That being said, after going through your toolkit and getting all the documents and policies in place, what would be our next step?
2. Who is it that certifies us that we are ISO 27001 certified and provides the certification?
3. I also see that you have a course for lead auditor, what is the benefit of this certification?
I would like to discuss how to integrate ISO 27001 with the implementation of a SIEM. That is, I have some concepts and some of the existing relationships clear, but I would like to substantiate that integration better and learn more about ISO 27001 in order to relate it.
I wanted to find out which ISO 27001 output documents are to be made ready before the Risk Assessment process commences?
Can the RTO be more than the MAO?