Our company has bought the documentation package for ISO 27001 from you. At the moment we are in Chapter 6, the Risk Assessment, and are currently setting the level of risk. If the information value regarding the threat, vulnerability, extent of damage and likelihood of occurrence falls into an area where the risk is initially accepted and monitored, does one have to enter an "existing measure" in the last column?
Risk mitigation and BC strategy
First I bought Becoming Resilient: The Definitive Guide to ISO 22301 Implementation to study for a business continuity management exam. I liked the book, very easy to understand. But after finishing it, and I think having understood the contents pretty well, I couldn't find an answer to the question: when are risks mitigated? ASAP, after the risk analysis, or after having implemented the strategies for BC?
Clarification on Penetration test
Thank you for your continuous service and advice on information security. I have some doubts related to the ISO 27001 requirements for penetration testing and vulnerability assessment. We are doing vulnerability assessment internally and also having penetration testing done by a third-party company periodically. Having the penetration test done by a third-party company is much better, but is this a compliance requirement for the certification? If it is a requirement, can this activity be performed by our sister company?
IT security questionnaire
Do you have an IT Security Questionnaire template that I can send to third parties as part of the IT Security Standard – Third Party Risk Management procedure?
Training and awareness
Hope this email finds you well.
ISO 22301 manual
What about ISO 22301, does it require a manual?
Interested parties
Please give an example of internal and external interested parties of a financial institution like a bank.
Fulfilling control A.18.1.1
Hi there, I have a few questions regarding completing the list of statutory, regulatory, and contractual requirements (clause A.18.1.1). Could you help me out with the following?
Filling scope template
Working on the Scope document, section 3.3 Locations, we encounter the following dilemma.
Consultation recommendation
Does the ISO template cover cloud security for service providers?