ISO 27001 & 22301 - Expert Advice Community


  • ISO certification questions

    I purchased the ISO 27001 Toolkit and have two questions:

    1) Are the risk assessment documents in the toolkit in line with ISO 27005, e.g. can we as an organization, after we are ISO certified using the toolkit, say we adhere to ISO 27005?

    2) ISO is international, so it would be the same for Canada as it would for New Zealand, as an example.

  • BCP

    I would like to know, if I have a company with an ISO 27001 certified BCP, whether it is compliant with the BS25999 or ISO 22301 standard, i.e. whether it is valid or meets the requirements of those standards.

  • Asset, Incident and Problem Management

    I only found a document for Change Management (Änderungsmanagement). I am also looking for Asset, Incident and Problem Management. Do you know if there are also templates for these, or are they included in the Change Management document?

  • Question about Operating Procedures for IT Management.

    I hope you are doing well. I have a quick question about what is meant by Operating Procedures for IT Management. Is that ISO-required for year 1? Can you provide a sample if required?

  • Cryptographic tool

    Hello Dejan,

    Thanks for your message. I am really satisfied with the ISO 27001 document pack.

    I have some questions about filling in the document 08_Annex_A_Security_Controls > A.10_Cryptography > A.10_Policy_on_the_Use_of_Encryption.docx.

    I am confused about the table in chapter 3, especially the "Cryptographic tool" column. This is how I filled it in:

    Type of information   Cryptographic tool         Encryption algorithm            Key size
    Laptop                OSX FileVault              XTS-AES-256                     256 bits
    Backup                Hardware security module   AES-256                         2048 bits
    Source code           Hardware security module   AES-256                         2048 bits
    Data at rest          Hardware security module   AES-256                         2048 bits
    Data in transit       TLS 1.2                    ECDHE-ECDSA-AES128-GCM-SHA256   256 bits

    Can you confirm that I understood and filled in this table correctly? Or did I mix up some information?

    Thanks a lot for the clarification and have a great day.

  • Questions regarding the template of ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit

    My company purchased the ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit. While working on them, I am confused with one of the templates, A9.1_Access Control Policy. Can you please assist me to understand?

    1) Which section does "privileges in respect to the abovementioned user profiles" in 3.4 Organization's privilege management refer to? Is this 3.2 or 3.3?

    2) If it's 3.3, then it looks like 3.4 and 3.5 will cover the same thing?

    3) But section 3.7 mentions "Organizations' personnel defined in 3.4 as responsible for granting administrative access rights to its public cloud services, platforms, and infrastructure…", which makes me wonder whether 3.4 is for 3.3. Is it correct? Or should this be "Organizations' personnel defined in 3.5 as responsible for granting administrative access rights to its public cloud services, platforms, and infrastructure…"?

    Can you please explain, as I am not clear what to cover in those sections?

  • Needed Policies

    Could you please provide me with the below policies. As per the project plan I have to develop these policies. I understand some of them are non-mandatory, but my supervisor has requested to develop these. The package I purchased does not have these policies.

    Vulnerability Management Policy
    Penetration Testing Policy
    Cybersecurity Awareness Training Policy
    Asset Management Policy
    Wireless Access Policy
    Endpoint Security Policy
    Anti Virus Policy
    Patch Management Policy
    Log Monitoring Policy
    Incident Response Policy

    Regards

  • Supplier Security Policy

    Hello Support, I hope you are doing well. I am planning to work on the SUPPLIER SECURITY POLICY and I have some questions:

    Do you have any SUPPLIER SECURITY POLICY questionnaire template ready in the toolkit or on your website?

    Do you have any SUPPLIER SECURITY MANAGEMENT partner or suggestion that we could consider using?

    In section 3.2 Screening, the policy says "[Job title] decides whether it is necessary to perform background verification checks for individual suppliers and partners, and if yes – which methods must be used." What methods does it mean?

  • Information security incident

    ISO 27001 - information security incident - what is the deadline for the notification and handling to be carried out?

  • Removing approved risks in Conformio

    How is it possible to remove some threats and vulnerabilities that we have already reviewed and approved?