I have read some knowledge base articles on ISO 27001 and the ISO 27001 Risk Mgt in Plain English guide. I found them useful and they helped me understand more about risk management, but I am still confused about how to start doing risk management following this ISO framework. I understand the concept and the process, but I don't know how to start. This is the first time my company needs to do risk management, and no one understands the risks.
Template content
In the demo (English) 27001:2013, you are missing chapter 18, Compliance; also, is there nothing for chapter 6 (ISO 27001:2013) in the demo?
Business Impact Analysis
I work for a large global company and I'm currently performing the Business Impact Analysis for the UK, which includes 15 different departments. I completed each Business Impact Analysis questionnaire for the department as a whole rather than for each different activity, so there is a Business Impact Analysis for Finance, another for HR, etc. So when I complete the Activity Recovery Strategy, it will be per department.
Template content - disruptive scenarios
Regarding Appendix 4 – Examples of Disruptive Incident Scenarios, should I work with the managers to create our own examples of Disruptive Incident Scenarios or should we keep the examples in the document and simply add the name of the company and confidentiality level at the top?
Risk assessment
Please help clarify some doubts I have, as below:
Toolkit content
1. ISO 27001 project / ISO 27001 Documentation Toolkit / 08_Annex_A /
Filling out the Treatment Table
When filling out the Treatment Table, there are the columns Selection of Options and Means of Implementation. Both offer a selection of inputs. Is it mandatory to use these selections, or can you use other inputs that are not in the selection table? For instance, can I add "Other measures" to the "Selection of Options" and "Scan all documents to be stored on secure NAS, destroy all physical documents"?
My question regards how thorough the list of assets should be. As an example: in our data center there are data rooms, offices and so on. One of the storeys is even empty and might eventually be rented to some other company. I understand that we should differentiate among offices, data rooms, and electrical, cooling and other infrastructure rooms inside the building, since there are different threats and vulnerabilities to each one of them that should be addressed differently and with different access levels and permissions.
Gap analysis
I wonder, how important is gap analysis for the planning process in an ISMS based on ISO 27001:2013? Why should we do a gap analysis (at this point, I want to make a plan for implementing an ISMS in an organization)?