Get a 20% discount on the first year of the Company Training Academy annual plan.
Limited-time offer – ends April 24, 2025
Use promo code:
CTA20

ISO 27001 & 22301 - Expert Advice Community

Home / ISO 27001 & 22301

Discussions

Top Contributors

Expert

Rhand Leal

4151
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit ISO 9001 Risk Assessment Product: ISO 13485 Documentation Toolkit ISMS Internal Audit register of requirements Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit Product: ISO 27001/Risk Assessment Table ISO 9001:2015 ISO27001
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Help for maintaining a risk register

    I'm helping a organisation with their ISO27001 work.

    I've seen the instructions on how to setup the riskregister which seems easy but do you have any instructions on how to work with the risk register the upcoming years and cycles after certification. (our mutal customer has implemented and certified ISO27001 in yoor tool)

    It looks like you need to go through the process all over again to reach the register and all risks seems to get the riskvalus zero after a plan.

    I'm looking to se the progress of making the risk smaller, filter and work with all risks in prioritization order which the auditors demand.

    Can you guide me to any information, manual or video on how to work with the register after implemantation? (Or are you supposed to extract it and work in excel or alike)

  • ISO 27001 version mention

    Just curious, in the ISO27001 history, the 2017 version was not mentioned, how come? Thank you for the answer. Because just this year, our company was certified in the 2017 version. I have googled it and I can't find an answer.

  • Business Continuity Procedure

    Question --> ISO 27001 ver 2013 has a "Business Continuity Procedure" listed as a mandatory document (clause A.17.1.2).  However the Advisera Toolkit for ISO 27001 only contains 1 document in the "Business Continuity" folder (under General Policies) and it is a " Disaster Recovery Procedure" -- NOT a BC procedure ??  Since 'Business Continuity' and 'Disaster Recovery' are two separate contingency plans,  is there another location in the Toolkit where the BC Procedure is located? 

    Thank you for your outstanding support.

    Complementary question: This document is listed as a mandatory document in Advisera "List of Required Docs for ISO 27001 / 2013,  but the only document included in the Toolkit under the "Business Continuity" folder is a "Disaster Recovery Procedure" ???

  • Risk assessment in Conformio

    1- Why are confidentiality, availability, and integrity not considered in the Risk assessment? and how Conformio is addressing them.

    2- Why is there no prioritization for actions in RTP? This should be identified based on the risk levels. 
    we only see a list but it's not based on the risks identified.

  • Should nonconformities undergo a documented risk assessment / analysis?

    After purchasing ISO27001 templates and following your training it is not completely clear to me if ISO27001 obligates that nonconformities need to undergo a risk assessment / analysis and that this needs to be documented.

    Can you clarify this? Thanks.

  • Scope definition

    Our company has about 50 employees and we develop and manufacture a product with both software and hardware components.

    Do we include in the scope document the back-office systems that are used for HR, Marketing, Sales, Finance (inc salaries), and CRM?

    I would assume that our customers will not be interested in that but are rather focused on ISO 27001 referring to product-related-systems like R&D, Software development, Manufacturing. And also us protecting their medical information that might be stored on the device.

  • Request for guidance

    I frequently come across an article that I find extremely helpful, and now I would greatly appreciate your guidance on the following matter. Our organization has already implemented ISO 27001:2013, a new version has been introduced. Currently, I have a Statement of Applicability (SOA) that is based on 114 controls from ISO 27002:2013. My question is whether I should create a new SOA consisting of 93 controls in accordance with ISO 27002:2022, and subsequently make the necessary updates on my current SOA . Your advice and support in this matter would be greatly appreciated.

  • ISO 27001:2013 VS ISO 27001:2022

    HI there, I have been qualified as a Lead Auditor on 2013 objectives, can 2013 objectives still active and organisation can be certified with that objectives?

  • No budget to implement control A.8.12 Data Leak Prevention

    Control A.8.12 DLP is relevant to us as Intellectual Property that's stored largely on Google Drive is one of our most important assets.

    However, we do not have the budget to enable Google's DLP rules.

    How do we explain this in our documentation in a way that we still pass the ISO 27001 audit?
Page 11 of 544 pages