I have a question regarding the internal audit checklist. I bought your pack with templates, but my question is if the internal audit checklist is standard or if it can be customized? Is this the checklist an actual auditor will use?
Graphical presentation of risks
I have recently conducted some risk assessments for my organisation. For each assessment I have the post-treatment risk values and I want to design a graphic visualisation of this for senior management. To do this, I have assumed I will need to reduce each risk assessment to a single risk value number that can be plotted on a heat-map or a graph.
Mapping of risks to ISO 27001 controls
I am not sure how to map risks coming from an ISO 27001 risk assessment with the existing controls in Annex A. Can you help?
Scope definition
I'm in a financial organization; we have 60 branches. We just started an ISO 27001 project. Our scope is limited to IT only. We already outsourced our data center to a third party. I just want to know what should be included in the scope. Can I have a list of assets that should be included in the scope? For example: in-house servers, all computers including branch computers, firewalls, printers and fax, etc.?
IT risk identification
How to identify and assess IT risk in my workplace?
Risk Assessment
Need to put together a process document for us to follow for IT risk appetite. Please advise.
Certification and cloud providers
I'm confronted with a situation here. My sponsor (top management) wants this ISO 27001 completed fast, so they ask to only complete the bare necessities of ISO 27001. But they have almost all data placed at (different, I believe) cloud providers.
Scope definition
We (my company) have bought the documentation toolkit (which I recommended to them).
ISO 27001 Lead Auditor or CISA?
I have almost 4 years of experience in information security & privacy. I am planning to pursue either 1 of the 2 courses: Lead Auditor ISO 27001 / CISA.
Cloud environment and information security scope/boundaries
I am currently implementing ISO for an organisation that will be predominantly cloud based but still hold its core traditional in-house values. My question is, what thought must be given to the impact of cloud computing on the organisation's scope/boundaries, and how do you define a clear scope/boundary when the organisation makes use of cloud service providers?