ISO 27001 & 22301 - Expert Advice Community




  • Internal auditor qualification

    What is your suggestion for what qualification an internal auditor should have as part of the implementation? Is ISO 27001 Lead Auditor sufficient?

  • Conformio documentation access

    I'd like to see a few docs with you that I am in need of but couldn't find. Please find the list below.
    - Policy on the use of encryption
    - Operating procedures for IT management
    - Secure system engineering principles
    - Business continuity procedure
    - Cloud Security policy
    - Policy for data privacy in the cloud
    - Statement of acceptance of ISMS document

    I got this list from a doc of yours called "List_of_documents_ISO_27001_ISO_27017_ISO_27018_Cloud-EN.pdf", and most of them are mandatory for the ISMS from 27001 and a couple of them for 27017/27018. All the other docs I needed I was able to find in the platform.

    If you can help me with that, it would be great.

  • Implementation of GDPR & ISO 27001

    Three questions related to implementation of GDPR&27001:

    1. Which approach should be taken to development of the Information Security Policy taking into consideration that we already have three sources and three templates of this document?

    • 11.3.1_Information_Security_Management_Policy_20000_EN
    • 04.1_Information_Security_Policy_Integrated_EN, which is included in the folder 04_General_Policies part of the GDPR&27001 Toolkit
    • Information Security Policy to be generated via Conformio

    2. How to approach the development of the remaining documents within GDPR&27001 Toolkit, because they are integrated with GDPR and those on Conformio are not integrated with GDPR? As you already know, we should develop/achieve an integrated GDPR&27001 package of documents at the end of the day.

    3. Given the fact that we don’t have the obligation to assign a Data Protection Officer and create it as a job title, what other role would you recommend – Data Protection Controller’s representative or other approach will be more suitable in order to comply with the requirements?

  • ISMS & BCMS risk assessment

    Our organization's ERM & BCMS risk is 5 (impact) x 5 (likelihood); however, the ISMS is 4 (impact) x 4 (likelihood). Can we use both, or should they be aligned? Based on your audit experience, is it a nonconformity or not?

  • How to write a proposal for ISO 27001& 9001 and Partnership

    I have been given a task to send a

    Please let me have your thoughts and views on these. This project is based in *** and I have been given 3 weeks to send a proposal to them.

  • Specific German legal requirements

    I am currently trying to compile a useful collection of legal requirements…

    On your webpage you provide the titles of various laws.

    Do you have a more specific collection that points towards the actual requirements for the ISMS?

    I do not have the resources to read the texts and compile the specific information.

  • Internal audit

    I am advising a *** company at the moment, as well as a ‘daughter company’ in the *** on ISO 27001. Just some questions:

    1 - In the ***, there is only one person actively working, but he is (of course) also shareholder. Would it be okay if he does the internal audit? In ***, we want to have the CTO as internal auditor. He doesn’t have shares, but he is part of Management. Would this be okay?

    2 - What would be the cost of an online training for these internal auditors?

  • List of Legal Regulatory

    1 - I purchased the document templates and went with package 2 that gives me unlimited emails. I will more than likely need help with more documents, but I am starting to work on them, and the first document is the 2.1.

    I am unsure what to list here. I have read your website but wanted some help. Our company sells Web Portals to customers that integrate with ***. Who would be the stakeholders? I am guessing the 2 owners, employees, customers?

    2 - Since I am the one in charge of the ISO documentation, I would be the person responsible for compliance?

  • ISO 27001 questions about implementation of the standard

    1 - Is it a fundamental prerequisite for certification in the standard?

    2 - How deep should the mapping and documentation for the scope be?

    3 - Overall, I still have a lot of questions about the topic "Organization context" and everything it should cover ...

  • ISO 27001 questions about implementation of the standard

    1 - Is it a fundamental prerequisite for certification in the standard?

    2 - How deep should the mapping and documentation for the scope be?

    3 - Overall, I still have a lot of questions about the topic "Organization context" and everything it should cover...
