ISO 27001 & 22301 - Expert Advice Community

Labelling information

Quick question on the requirement to classify and label information. Are we expected to do this for all historical documentation as well as documentation moving forward?

Infosec responsibility for BCP from an IT perspective

is it logical to have the IT responsivity on BCP led by the Infosec team?

Question around contractual and legal requirements

Will the organisation have to go through each agreement and determine? If so, this may be a time consuming exercise?

ISO27001-cryptographic control

1 - Would you be so kind to explain to me why I see differences between your explanation here: https://advisera.com/27001academy/how-to-use-the-cryptography-according-to-iso-27001/

and my paper version of 27001 - there is Cryptographic control defined under A.10.1.

I have iso 27001:2013

In your text there is mentioned A.8.24

2 - my second question is - can you recommend me any webpage where can I see any example of cryptographic control. thank you

Migration from the 2013 to the 2022 documents

I am currently working on a project with a client attempting to get them ISO 27001:2022 certified. The project started in mid 2020 and we took over the project late last year and are using the 2013 version of the templates however, we are not sure whether we need to use the 2022 transition documents to update their project or whether we can stay on the 2013 iteration of the standard for their certification later on in the year. 

If you need any further context regarding the project, please let me know.

Is your ISO 22301 toolkit covering ISO 22361?

Could you please confirm whether you have Implementation Document Toolkits for ISO 22361:2022 - Crisis management — Guidelines and ISO 22316:2017 - Security and resilience? Or is your ISO 22301 Toolkit covering these requirements?

Latest version of Statement of Applicability

What is the latest version of Statement of Applicability? Have the controls changed since 2017?

How to keep being trained and skilled and best way to find work?

I am currently reading it and so far you succeded in making the topic of ISO27001 easy to understand and apparently simple to implement even though I have no expeirnce on that.

I hqve pqssed the ISO 9001:2015 Lead Auditor CIRCA Exam but kind of new in the profession. I also passed the foundation vouse for ISO 27001:2022 with your company.

I find mysleft isolated and not sure how to practice to keep what I learnt but most importantly find work because I am currently unemployed in the Philippines.

What advise would you give me to keep being trained and skilled as well as to the best way to find work (middle-east, south-east asia or Europe)?

Question about tools and scope

1 - what are the tools free for e.g. evaluation and you have also a repository for the documents.

2 - Can you tell me which tools are free and where i can see the list of document templates and which are mandatory for the certification ??

3 - What is in case of a Scope Extension when I want to incorporate also SW Products ???