ISO 27001 & 22301 - Expert Advice Community


  • Differences between ISO 27017 and ISO 27018

    Can you please explain the difference between ISO 27017, ISO 27018 and the document "Controls and Assurance in the Cloud Using COBIT 5"?
  • People as single point of failure

    Please advise: for a finding of "people as single points of failure", what would be the suitable ISMS control?
  • Issue based risk assessment?

    Is it necessary to conduct an issue-based risk assessment for ISO 27001? I read on this site that it is OK to have an asset-based risk assessment, but when I look at clause 6.1.1 of the standard, I get confused.
  • Defining the scope

    Defining the ISMS. We are a ********* company and we have clients in the UK requiring us to be ISO 27001 compliant and certified. We are potentially targeting a third-party data center in the UK where we rent rack space, as well as one of our local offices. I am wondering whether we should narrow the scope down to one particular system we use to support client data, or scope the data center (multiple systems) and one of our locations.
  • To be compliant, what is the minimum to be done?

    As the first step, we want to be an ISO 27001-compliant organization, and then later get certified. To be "compliant", what is the minimum that we will need to do?
  • Validity of an ISO 27001 Certification to an organization

    Similarly, if I am going to get certified as a lead auditor, what is the validity period of my certification? Awaiting your help :-) TIA
  • Deviations and exceptions in the Information security policy

    When the company has defined an Information Security Policy, what could be considered exceptions to this policy? The question is related to point 5.1 of ISO 27002, processes for handling deviations and exceptions. How can these deviations be identified?
  • Shortest time necessary before applying for ISO 27001 certification

    What is the shortest time we should run the Check and Act steps before applying for ISO 27001 certification?
  • Referring to the Business continuity policy from the ISMS documentation

    If we want to get certified against ISO 27001 and we have an existing business continuity policy, do we still need to reference it in our ISMS documents? Will the auditor audit the specifics of it even if we only want the ISO 27001 certification for the time being?
  • Any controls for BCMS like ISMS?

    Are there any controls for a BCMS like there are for an ISMS? Please help me understand this.