ISO 27001 & 22301 - Expert Advice Community




  • AML-ISO 27001

    Hello, I have a question regarding the ISO 27001 certificate, does this certificate include AML policies?

  • Documenting processes in the ISMS

    How exactly do the individual ISMS processes need to be mapped? E.g., is it enough to write "HR", or do I have to explain every step of, for example, the process "managing employees"?

  • Changes to the document

    Hello Dejan, thank you for the reply.

    Allow me another question: with the pandemic, has the mobile device policy been revised? It has some points that we are certainly not complying with, because of the emergency of putting employees in home office. Since the version I have is from 2015, has there been any change?

  • Documents required from support/CSM perspective

    Could you advise what documents would be required from a support/CSM perspective, please?

  • Requirements to satisfy the requirements of ISO 27001?

     completed this training already and I enjoyed it.

    Quite a lot of this content was ‘common sense’ for someone who works in the field, but it will be new to other staff members and my ISO 27001 team members.

    I’m just wondering if this training plus our GDPR e-learning and an annual refresher would be enough to satisfy the requirements of ISO 27001?

    I think some input on policies and procedures would be required too.

  • Risk Assessment of Assets


    As part of compliance with the NIS Regulations we are identifying assets, grouping them and then risk assessing them as a group.

    Our aspiration is to implement ISO27001 in the future, so I am thinking this is an opportunity to get our Risk Assessments aligned to the standard. I am guessing for ISO27001 we would have to risk assess the individual assets rather than as groups?

    So, rather than risk assess

    Core Network
    Business Systems
    Desktop Applications

    Would we need to risk assess as follows?

    Core Network
    Business System 1
    Business System 2
    Business System 3
    Business System 4
    Business System 5
    Desktop Application 1
    Desktop Application 2
    Desktop Application 3
    Desktop Application 4
    Desktop Application 5


  • Conformio expert question about asset and access mgmt processes

    How does Conformio support asset and access mgmt processes?

  • A.14.2.7 - is a developer hired as a consultant considered outsourced development?

    We're a software development team of 3 persons. 2 of the persons are hired directly as employees in our company but the third developer is hired through his own company, which means that legally he is a 3rd party. BUT he only works with us for the time being, being supervised by the two other developers and in every other way working as if he was practically hired directly by us in our company. Is this considered "Outsourced development"? I mean it's not like we've engaged a large company to do the development for us. The only difference is that he is sending invoices to get paid while the two other developers are getting their salary as employees.


    So - is a developer hired as a consultant considered outsourced development?

  • Implementing 27001 or 22301?

    I am rewriting the question for you, since it may have been poorly worded in the chat.

    For me, as a self-employed person who works in consulting, do you think it is more appropriate for me to “implement for myself” 27001 or 22301?

    (I am not referring to implementing it for others)

  • ISMS evidence

    As part of our support, I want to request some more explanation on the questions below related to ISO-27001:

    Evidence of Communication Plan for Communications Related to the ISMS
    Documented Management Review Process
    Evidence of the Results of the Management Reviews 

    Kindly provide more explanation about these requirements and what document templates map to them.
