We are a company based in XXXX and we are looking into possibilities of also opening an office space in XXXX and XXXX. My question is if this will affect our ISO scope. Do we have to include these other offices in our scope, or is it possible to only certify the company based in XXX?
Scope definition
1 - Background
Policies, procedures and guidelines
1 - There is a debate on ISMS Security Policy, Security Policy & System-Specific Security Policy.
Filling templates
1. Is it possible to have a typical example of a company that has implemented this standard to help us do it within our company? There is no example in the toolkit which does not facilitate understanding.
Risk Management Criteria
I’ve been following your work for a while and have a question about Risk Management Criteria, specifically around Likelihood.
Backup policy
For creating a backup policy, what are the points to be considered, and also what will be the retention period for all the backups, or what will be the compliance requirement for storing the backup and the storage period?
Scope definition and project planning
1. Is it possible that all applicable controls in SoW are fully implemented already? If yes, what will the risk treatment plan be?
ISO 27031 and ISO 27036
For the moment we are working on the documents but in particular we are realizing further potential needs related to the circumstance that an important part of our business processes involve the outsourcing of essential components and services, in form of a supply-chain to be incorporated into our scope.
Scope definition
I’m currently completing the ISMS Scope Document for ISO27001. For section 2.4 Networks and IT infrastructure, how detailed does the list have to be? For instance, do I have to name each server included in the scope? If so, the document will be several pages long, as the company I work for is a global business. Or would it be sufficient to say 40 servers, 3 switches, 5 active directories, etc.?
ISO management system certification
1 - What is the current process for companies to become ISO27001 and ISO22301?