ISO 27001 & 22301 - Expert Advice Community


  • Critical areas to prioritize focus during implementation

    What are the most critical areas to focus on during implementation?

  • Recommended system/application to control documents, incidents and other stuff from ISO standards

    What system/application do you recommend to control documents, incidents and other stuff from ISO standards?

  • The best KPIs for monitoring metrics

    What KPIs will be the best to choose for monitoring metrics?

  • Business relevant data

    The question is: what is considered ‘business-relevant data’ as mentioned in the document ‘A.8.2 IT Security Policy’ and is there a list that we can use to help us identify instances of this?

  • Implementation issues

    1. What implementation issues do you usually have?

    2. Do you have implementation shortcuts that help you streamline an implementation?

  • Best methodology for information security risk assessment

    1. What is the best methodology for an information security risk assessment?

    2. How to ensure that privacy principles are dealt with in accordance with relevant legislation and regulations? If the client says that he is performing an assessment to ensure he is in line with the DPA, is this information enough to make him compliant with clause 18.1.4?

  • Asset Classification Best Practices

    Asset Classification Best Practices

  • ISO advantages and disadvantages

    Advantages and disadvantages. Despite the popularity of ISO, how come some companies are still lacking a compliance culture, and staff are still not competent enough to follow the laid-down procedures?

  • ISO 27001 - Risk Assessment

    I’m trying to keep the risk assessment as simple as possible. Would it work to group sensitive applications together rather than having them treated as separate assets? For example, rather than having accounting software, bank payment apps, and ERP software as separate assets, could we just group them into "sensitive software"? If possible, I’d like to take the same approach with things like admin accounts, user accounts, sensitive digital documents, and sensitive physical documents. In short, are we able to group assets that are alike?

  • Lead Auditor vs Lead Implementer

    Which of the two ISO 22301:2019 courses, Lead Auditor or Lead Implementer, is classed as the higher-ranking course, or are they equal in their own right?