ISO 27001 & 22301 - Expert Advice Community

  • Risk assessment approaches

    I would like to make a request on three issues regarding ISO 27001:2013 implementation in building an ISMS
  • Documentation of control A.12.7.1

    I’m in the middle of our journey towards certification. Performed risk assessment and now it’s time to prepare risk treatment plan and SOA.
  • Documents for ISMS implementation

    Can you please advise what documents will be produced throughout ISMS implementation?
  • CISO role

    My first question would be whether it is necessary to always list a job title (e.g. CISO) or whether it is sufficient to list the name of the person in charge of that task. In our company, for example, we do not have the position of a CISO yet. Is it necessary to create this position, or can we just stick to the "name, surname"?
  • Categorizing information

    How to categorize information into levels according to the confidentiality?
  • Legal & Regulatory Requirements

    Taking into consideration the requirements in ISO 22301 clause 4.2.2, how can it possibly be feasible to determine the interests of relevant parties, i.e. clients, of whom there may be several hundred or more who are all likely to be subject to different legal & regulatory requirements, depending on their industry/sector, and who will therefore all have different needs? My organisation has 800+ clients; it can't be practical or possible to assess each one individually?!
  • Controls effectiveness review

    What are the procedures needed for IT systems that enable us to review the effectiveness of the technical and organizational measures to ensure the safety of processing activities regularly?
  • Software tools for BIA

    What software tools do you recommend for BIA?
  • Audit procedure and information logging

    I need a sample to help me write a document for a procedure for audit logging, including criteria to be logged. Do you have any idea or help where I can get this guideline for me to start with?
  • Scope definition

    I find it hard to comprehend how to define the scope of ISMS. I will need to help a customer to do an internal audit, but realizing that the company is a multi-national, multi-sector company, I don't really know how to proceed.