ISO 27001 & 22301 - Expert Advice Community

Home / ISO 27001 & 22301

Discussions

Top Contributors

Expert

Rhand Leal

4151
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 Risk Assessment Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit ISO 9001 Product: ISO 13485 Documentation Toolkit ISMS Internal Audit register of requirements Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit ISO27001 Product: ISO 27001/Risk Assessment Table Product: ISO 27001 Internal Auditor Course
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • ISO 27001 Certification Requirement

     In this blog, we will understand the ISO 27001 certification requirement and how it helps organizations to establish a strong Information Security Management System (ISMS) that protects valuable data and manages information security risks effectively. ISO 27001 is an international standard that provides a structured framework for establishing, implementing, maintaining, and continually improving an Information Security Management System. It helps organizations manage information security risks in a systematic and effective way.

    What Are The Requirements of ISO 27001 Certification
    Context of the Organization - Organizations must identify internal and external issues that affect their information security. These may include legal requirements, market conditions, technological changes, and business objectives.


    Leadership - Top management must demonstrate its commitment to information security. They are responsible for establishing an information security policy and ensuring that roles and responsibilities are clearly defined.


    Planning for Information Security - Planning is about identifying risks and deciding how to manage them. Organizations must identify possible threats such as cyberattacks, data leaks, system failures, or human errors and take appropriate measures to reduce these risks.


    Support and Resources - Trained staff, proper documentation, and effective communication are required for maintaining ISMS.


    Operation - Organizations need to implement a planned process into their systems. These include access control policies, passwords, data encryption, backup systems, and physical security. 


    Performance Evaluation - Organizations must monitor and evaluate its performance. It requires regular monitoring, management review, and internal audits.


    Continuous Improvement - Continuous improvement is a key requirement of ISO 27001 because Information security is not a one-time activity. Organizations must update and improve their controls regularly.

    Benefits of ISO 27001 Certification


    Improved information security


    Better Risk Management


    Protect  sensitive data


    Increased customer trust and confidence


    Compliance with legal and regulatory requirements


    Enhanced business reputation


    Competitive advantage in the market


    Reduced risk of data breaches


    Better internal processes and controls


    Which Industry Can Get ISO 27001 Certification?


    IT and Software Companies


    Banking and Financial Services


    Healthcare and Hospitals


    E-commerce Businesses


    Telecommunications


    Educational Institutions


    Manufacturing Industries


    Cloud Service Providers


    Data Centers


    Why Choose Us?


    SQC Certification is one of the best certification body that is known for its commitment to delivering credible, high-quality certification services to organizations. We provide various ISO standards like ISO 9001, 27001, 42001, 14001, 37001, and 45001. We have an experienced team that understands your business needs and requirements. With our support, organizations can improve their operational efficiency, customer trust, and reputation in the competitive market.


    Contact us 

    Visit our website www.sqccertification.com


    Call us now at 9910340648


    Email- info@sqccertification.com


    Social Media Links

    Facebook https://www.facebook.com/sqccertification


    Instagram https://www.instagram.com/sqccertifications/


    Twitter https://x.com/SqccertservicesC.CERTIFICATION

  • What is the main difference between ISO/IEC 27701:2019 and ISO/IEC 27701:2025 ?

    What is the main difference between ISO/IEC 27701:2019 and ISO/IEC 27701:2025 ? Any new information as its the latest news in the ISO world. Please throw some light for the same.

  • record about Phisical and Electronic correspondance

    Hi In the first "Procedure for document and record control" we have one paragarpahe related to phisical and electronic records and when i choose for both Excel file the sentece become wired Each external document that is necessary for the planning and operation of the ISMS must be recorded in the Register of external correspondence in Excel or in the Register of external correspondence in Excel, according to their form. The Register of external correspondence in Excel and the Register of external correspondence in Excel must contain the following information: sender, document name, and date of receipt. The person who receives such external documents in paper or other physical forms (e.g., through regular mail or as courier parcels) must make a record in the Register of external correspondence in Excel. The person who receives external documents in electronic form (e.g., through email) must record them in the Register of external correspondence in Excel. hiw can we modify that paragraphe ? Also when we subscribe and get a quick workshop on getting started with confirmi, the person who present the tool told me that an update will be available wher we can modifiy the documents in a more flexibale way with teh possibility to ad headers and footers like in world can you tell me when it will be available ?   thanks Ed    

  • Risk level = 4, how to bring the residual risk at zero

    Hi, In Conformio, I’m currently in the Risk Register phase, Treatment step. When both Impact and Likelihood of my risk are set to 2-High (Level set to 4 – Not acceptable), I’m not able to bring the residual risk at zero. It remains at one, even when selecting all suggested risk treatment controls (safeguards). What should I do to bring the residual risk at zero? Or should I rather accept this residual risk of one?

  • Reviewing incidents in Conformio Management Review

    We are trying to use the Management Review process implemented in Conformio, to maintain our ISO 27001 compliance project. One of the items in MR is reviewing the recent incidents. The incident records in the Incident Register do have an attribute to indicate their review status, but I could not figure out how to toggle that to Reviewed, after we perform the actual incident review. Please, can someone advise on the correct procedure?

  • UPDATE ADDRESS

    If you plan to move the department of the system to another address then have to update what records? Note: Only use the network of the new address, the rest is managed according to the old system. Thanks!

  • Secure Development policy

    There is a paragraph in the Secure development policy which states: In addition to the risk assessment performed according to the Risk Assessment and Risk Treatment Methodology, Head of RD must perform the annual assessment of the following: the risks related to unauthorized access to the development environment the risks related to unauthorized changes to the development environment technical vulnerabilities of the IT systems used in the organization the risks a new technology might bring if used in the organization the risk a new development methodology and/or programming language might bring if used in the organization the risks related to licensing requirements The question is, is this assessment to be done in the Risk Register or is it an additional document that needs to be drafted by the Head of R&D? Thanks

  • Confidentiality Statement

    We are drafting the Confidentiality Statement through Conformio. To do this we have downloaded a template which should be edited based on the specific clauses are required in the company. This document should involve both employees and external parties. The issue is that we do not have a single document for all. For example for the employees the confidentiality statements are added in the employement letter which also references the employee handbook which has additional clauses, while for third parties there is a specific NDA. So the question is, how am I supposed to say all this since I have a single template? Best Regards  

  • Edit Risk register

    Hi there We want to edit the Impact and Likelihood fields for certain risks on the Risk Register. How do we do this? thank you.

  • Access Control Policy - Managing Records

    Hi All,

    I'm drafting the Access Control Policy in Conformio.

    At chapter "4. Managing records kept on the basis of this document" it asks for the management of 2 types of Records.

    one is quite clear, it demands the management of an Access Control Review register.

    The second one instead is not totally clear to me, what I don't fully understand is if we need to keep a register for only tracking the privileges (access rights granted to roles or users that usually wouldn't have them) or if we need to track every single access given to all the employees on all the used applications.

    Can someone suggest what should be tracked?

    Thanks in advance

    Best Regards

    Igor

     
Page 1 of 544 pages