Guest
I hope you're doing well. I watched the ISO 27001 Lead Auditor Exam training videos and found them to be very useful! Thank you for offering this free training. I am leading the ISO 27001 internal audit efforts at my company for the first time this year and wanted to seek your guidance. Our company's ISMS is ISO 27001 certified and we also have a SOC 2 Type 1 certification.
1. Are we required to include the SOC2 controls in the ISO 27001 Statement of Applicability?
2. If we were to add all of the SOC2 controls this year, would all these controls be tested during this year's external surveillance audit? I'm planning out the scope of the internal audit and which controls to test, but we have limited resources and time. It seems duplicative to me to include the SOC2 controls since those are tested independently as part of the SOC2 audit. I understand an internal audit is not required for the SOC2 certification, but I see the benefit of performing an internal review to identify issues that could be mitigated before the SOC2 cert audit.
Which section of ISO 27001 mentions confidentiality?
1. How to start documenting Statement of Applicability.
2. What approach to follow?
3. Who should one interact with?
What are the more critical areas to prioritize focus during implementation?
What system/application do you recommend to control documents, incidents and other items from the ISO standards?
What KPIs are the best to choose for monitoring metrics?
The question is: what is considered ‘business-relevant data’ as mentioned in the document ‘A.8.2 IT Security Policy’ and is there a list that we can use to help us identify instances of this?
1. What implementation issues do you usually have?
2. Do you have implementation shortcuts that help you streamline an implementation?
1. What is the best methodology for an information security risk assessment?
2. How to ensure that privacy principles are dealt with in accordance with relevant legislation and regulations? If the client says that he is performing an assessment to ensure he is in line with the DPA, is this information enough to make him compliant with clause 18.1.4?
Asset Classification Best Practices