ISO 27001 & 22301 - Expert Advice Community


  • Clause 7.5.1

    Hi Dejan, hope you are well. I had a quick question, please. Clause 7.5.1 has a "shall", but the procedure for documentation control is not marked as a mandatory document in your checklist. I was wondering what could be the reason for that? Thank you
  • Protecting and keeping data safe

    The question I had: Do we, as a company, get by extension the benefits of cloud companies having all the certificates and good practices when it comes to protecting and keeping data safe? We are working with *** and ***. An example scenario would be an auditor asking my company how we back up data, and our answer is that we back up our data on 2 different servers: *** and ***, for example. Would that be OK? Since we are not the ones responsible for the data, but we are offloading this to a much more secure company. Is this something that we can evaluate as low risk and not implement special controls when it comes to protecting this data, since we are getting the benefits of using a cloud provider?

  • Career in compliance

    I want to make a career in compliance, although I have 1.5 years of experience in infosec. How do I start?

  • Scope definition

    In the scope definition I write only what the company does and where it does it (address). Don't you need to write the processes involved in the scope?

  • Scope definition

    In the scope definition I write only what the company does and where it does it (address). Don't you need to write the processes involved in the scope?

  • ISO 27001 and Job description

    Just wanted to know if ISO 27001 requires job descriptions to be signed off.

  • ISO 27001 certifying firm

    I need an ISO 27001 certifying firm. Can you help me get one?

  • Contradiction in reading material

    I'm finding a contradiction. In the article Practical use of corrective actions for ISO 27001 and ISO 22301, it says under Required Documents that a procedure must be documented. But further down, it says that it is not mandatory. Which is it?

  • ISO 27001 Certification

    I have a question on the ISO 27001 certification, which you might help with. 1. What is the frequency of auditing of the certification after an organization is certified? 2. Is there a difference in the depth of auditing controls between the initial certification audit and the successive audits?

  • Incident Response Plan Policy

    I'm in the process of writing an Incident Response Plan Policy. Our company purchased the 27001 Documentation Toolkit and I only saw the IRP Procedure. Do you have an IRP Policy somewhere in this toolkit that I can't find, or do I have to purchase this separately?