ISO 27001 & 22301 - Expert Advice Community

  • Pre-certification audit

    How does a pre-certification audit (gap analysis) differ from a stage 1 audit?
  • Defining controls

    Our company has a platform developer team and web designer. For the sake of information security, do we have to isolate their work space (physically)? Like put them into a restricted-access room?
  • Documenting roles and responsibilities

    We have implemented the ISO 9001:2015 and 27001:2013 standards in our organisation. I have one doubt.
  • Risk Assessment Table template

    We cannot find an "impact" column in the Risk Assessment Table.
  • Information assets

    Please help me with information assets.
  • SOA question

    I am going through the ISO 27001 documents with the assistance of your great templates. Support advised me that I can email you with a question. I'm wondering if the vast majority of the 114 controls in the SOA typically need to be used in order to meet the compliance requirements. If the risk assessment identified that only 20 controls are required, could the remaining controls be set to "No" in the SOA? Then how would you justify that they weren't required?
  • Controls in SoA

    I'm wondering, in the statement of applicability, in order to get certified, is it mandatory to implement almost all of the controls? Like if I exclude half of the controls because they aren't identified in the risk assessment, is the auditor going to say that isn't acceptable?
  • List of legal requirements

    I have a question regarding the list of legal requirements. Do we need to include clauses from contracts with our employees such as “the employee will return all confidential information to the company upon termination of employment”? If so, please could you show me how this would be recorded in the form provided.
  • Auditing BCP and DRP

    Any advice on auditing Business Continuity and Disaster Recovery Plan?
  • High Risk Appetite

    Hi. If the CEO of a company is claiming that they have a high risk appetite, can I, as a Risk Practitioner, convince him that they actually have a low risk appetite? Or what are the ways and options to prove him wrong and that his company actually cannot tolerate more risks? Please advise.