ISO 27001 & 22301 - Expert Advice Community

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Clause 7.4 Communication Register

    Dear Team - how can we generate a communication register for the 7.4 clause? We were asked for Communication Register.

  • How to efficiently plan the audit

    Compliments of the season to you. I have been following you for over a year now. I have watched your videos, bought   your book on how to implement ISO 27001, and attended your Webinars.

    My company just posted numerous positions for Intermediate 'Security Auditor' (With focus on ISO 27001) and I asked them if I can join the team to start gaining experience.. Their response is that I don't have any experience, though I have the training and certification (PECB Provisional Auditor ISO/IEC 27001, ISACA Cybersecurity Certificate and ISACA IT Audit Fundamentals). I am currently working as a Security Analyst..

    How can I gain Audit experience to prepare for such opportunities or even start consultancy job?

  • Supporting documentation for training

    We are looking to train our employees on ISO 27001 and wondered if there is any supporting documentation that we can provide and upload on our company intranet and HRIS system?

  • Processo de adequação à ISO 27001

    Como iniciamos o processo de forma a não gerar retrabalho no futuro e para que consigamos implementar o ISMS de forma útil para a empresa?

  • ISO 27001 compliance process

    How do we start the process so as not to generate rework in the future and so that we can implement the ISMS in a useful way for the company?

  • Questions

    1. We are a rather small start-up company with about 50 employees, manufacturing a product with both hardware and software.

    We do not have a CISO or an IT manager, just myself as the ICT lead to do all IT and Security related tasks.

    What should we put in the documentation instead of CISO?
    Or should we write somewhere that wherever it says CISO that would be the ICT lead acting as the CISO?
    Or alternatively should we only include job titles that we actually have in the company?
    I am not sure how to present this in the documentation and audit.

    2. One of our team members looking at the risk part of our ISO 27001 plan suggested we combine 06.1_Appendix_1_Risk_Assessment & 06.2_Appendix_2_Risk_Treatment because:
    1) they include a lot of the same columns.
    2) you can use filter instead of copy pasting those risks that need treatment. Copy pasting between tables is error prone.

    Does the standard require these tables to be seperate?
    Can you explain why these are separate in the toolkit?
    Any other comments will be very welcome.

  • Non-Conformity in RR

    Dear Team - this is quite urgent - we have got a non-conformity because the auditor didn't accept the risk register as produced by Conformio - we are not sure how to mitigate this, any guidance would be hugely appreciated. Here is the non-conformity. (27001) Finding: The organisation did not fully meet the requirements for clause 6.1.2 c)1) - apply the information security risk assessment process to identify risks associated with the loss of confidentiality, integrity and availability for information within the scope of the information security management system. Evidence: missing from Risk register within Conformio platform.

    Additional information: The auditor requests that we add a column showing the impact on each of the CIA - Confidentiality, Integrity, and Availability components, (e.g. Letters to show letters representing the affected components of CIA).

  • Support re. internal audit section of ISO 27001 2022

    The policy templates we received as part of our toolkit refer to ISO27001. Should this be changed to ISO27002?

  • ISO 27001:2022 implementation issue

    I want to ask about establishing risk acceptance criteria in clause 6 - 6.1.2 and if there is any sample can i view in order to complete creating my system, which is related to a cloud-based software solutions company

Page 12 of 543 pages