ISO 27001 & 22301 - Expert Advice Community


  • Corrective action logs

    We are working on the ISO 27001 implementation and one of the questions that popped out to us is about the corrective action logs.

    May I know what the requirements for the corrective action logs are? What elements should be included in them?

  • Toolkits ISO 27001 & ISO 22301

    I received the documentation concerning A.6 to A.17 and I have 2 questions:

    1) Where is the documentation concerning A.18 (Compliance)?
    2) What about the Annexes A.1 until A.5?

    In addition, I would like to ask whether you deliver training materials for the ordered documentation. I have already entered ISO 22301 & ISO 27001.

  • How can we adapt our processes to implement ISO 27001?

    How can we adapt our processes to implement ISO 27001?

  • Adapting processes to implement ISO 27001

    How can we adapt our processes to implement ISO 27001?

  • Gap Analysis Question

    I would like to know if it is necessary to define a scope to conduct a gap analysis. What is the best practice?

  • Audit

    We got the certificate in October 2022. I want to do an internal audit before the external audit in August. How can I start with the audit, and how do I perform it? Thanks

  • Aruba Products

    Hi, does somebody have information about the Multiple Vulnerabilities in Aruba Products?

  • ISO 27001 query

    1. Can I seek your advice on how high the RTO is usually set for a company offering SaaS-based solutions? Does ISO 22301 define any times? I understand that it depends on various org-specific factors, but I want to get an idea of industry best practices.

    2. We also had the below queries relating to BYOD, in case we want to implement a BYOD policy:

    Should the organisation ensure an anti-malware / anti-virus solution has been installed on all personal devices?

    3. What are the minimum device management controls that the org should have control over?

    I understand that these are not specifically defined in the ISO 27001 standard, and therefore need your advice on which controls are considered the bare minimum, as per industry best practices, to help us pass the certification.

  • Secure coding

    Isn't there a layer 2 of procedures and principles?

    1.1. Secure coding
    [Job title] will issue procedures for secure coding of information systems, both for the development of new systems and for the maintenance of existing systems, as well as set the minimum secure coding practices that must be complied with.

    The same secure coding principles will be applied to outsourced development, and defined through the contracts as defined in [Supplier Security Policy].
