ISO 27001 & 22301 - Expert Advice Community


  • ISO advantages and disadvantages

    Advantages and disadvantages. Despite the popularity of ISO, how come some companies still lack a compliance culture, and staff are still not competent enough to follow the laid-down procedures?

  • ISO 27001 - Risk Assessment

    I’m trying to keep the risk assessment as simple as possible. Would it work to group sensitive applications together rather than having them treated as separate assets? For example, rather than having accounting software, bank payment apps, and ERP software as separate assets, could we just group them into "sensitive software"? If possible, I’d like to take the same approach with things like admin accounts, user accounts, sensitive digital documents, and sensitive physical documents. In short, are we able to group assets that are alike?

  • Lead Auditor vs Lead Implementer

    Which of the two ISO 22301:2019 courses, Lead Auditor or Lead Implementer, is classed as the higher-ranking course, or are they equal in their own right?

  • Can a Lead Auditor certify that organisation is ISO 27001 compliant?

    Can a Lead Auditor certify that an organization is ISO 27001 compliant?

  • Contractor's obligation to provide the client with BIA/BCRA

    If I use a contractor to provide a key service within my organization, does that contractor, i.e., ***, have an obligation to provide me with a BIA/BCRA?

  • Question on ISMS scope definition

    Thanks so much for the webinar. We were finalizing our scope and our management wanted us to consider a smaller scope. Can you just remind me on a couple of points you made in the webinar?


    1 - The scope cannot be a server or a product, because it is a management standard right? Does this then mean that it can’t be an environment, like a cloud environment? Would you set the scope as the software engineering department for example instead?

    2 - And you mentioned the scope cannot be drawn between people who share the same office? Does this mean they would also need to be segregated in terms of network or email environment?

    I’d really appreciate your opinion, as I think the delivery time will be quite different if we choose the smaller scope rather than the whole company, although it may be more detailed in segregating them.

  • Calculating Duration of each Service or Critical Service

    One of the KPIs is the duration of service interruptions. Is this the duration for each service, or for each critical service? How can it be calculated overall?

  • Statement of Applicability

    If, after the company is certified, there are changes in the SoA, how should we proceed with the external audit?

  • IT Managed Service Providers

    1. Is there an ISO certification we should look at?

    2. What would be involved to get certified and what sort of costs would we expect?

  • ISO 27001 implementation

    I'm wondering, other than your video about ISO 27001, what are some good resources for me and my team to follow? In addition to that, what kind of specialists might I need to execute an implementation of ISO 27001?