ISO 27001 & 22301 - Expert Advice Community


  • Difference between ISO 27001 A.18.2.1 and 9.2 Internal audit

    What is the difference between ISO 27001 A.18.2.1 and 9.2 Internal audit?

  • Lists of potential risks for a 100% digital market place

    Do you have an example list of potential risks for a 100% digital marketplace that I can use as a basic reference, by any chance?

    Working on the risk part (6.1 in ISO 27001), where we actually build in best practices to counter potential risks proactively, but having a guidance list from other companies would help a lot, mainly for A.9 and A.10, to see if we can think of the right kind of risks.

    All will be adjusted to our specific platform of course, but any initial draft would be appreciated.

  • Risks posed by third parties or suppliers

    Please, what are the risks posed by third parties or suppliers? I mean examples of Information Security risks that are posed by third parties, i.e. suppliers, partners and customers, for example, hardware devices such as routers, switches, telecom lines, firewalls, software applications, ICT services such as risk assessment, penetration testing, computer forensics investigations, etc.

  • Procedures for suppliers to cover the control of External Providers

    I have a question concerning my 22301Q2019 package. I have two companies: the 1st does TRADE, STORAGE & HANDLING (SIMPLE COOLING, TEMPERATURE ENVIRONMENT) of FRESH FRUIT & VEGETABLES; the 2nd offers environmental technologies and specializes in the design and manufacture of Prefabricated Innovative Water Treatment and Wastewater Systems, which incorporate innovative advanced solutions and are suitable for wastewater treatment for civil and industrial applications. Both use External Providers in the supply chain (such as technical services, drivers and trucks, external warehouses and engineers).

    Where in this package can I find procedures for suppliers to cover the control of External Providers, per 8.1 Operational planning and control: "The organization shall plan, implement and control the processes needed to meet requirements, and to implement the actions determined in 6.1, by: [...] The organization shall ensure that outsourced processes and the supply chain are controlled."

  • Corrective action plan for audit observation for clause 8.1 of ISO 22301

    Good morning,

    There is an External Audit observation (Minor Non-conformance) for clause 8.1 of ISO 22301 with the following statement:

    There was no objective evidence of process plans identifying the process criteria and the controls implemented in accordance with the criteria.

    What is a corrective action plan for this audit observation? How to close this minor non-conformity (is any new document/procedure required)? Your prompt guidance/help on this matter is appreciated.

  • Documenting mandatory documents for ISMS

    How to document mandatory documents for ISMS?

  • Compliance with monitoring and measurement requirement

    What would be the compliance with the monitoring and measurement requirement? Would they be indicators?

  • Updating the Incident Management Procedure

    I am going to update the INCIDENT MANAGEMENT PROCEDURE according to our own company. I have some questions.

    It would be great if you could share some examples for different categories, like security weaknesses, events and incidents. This way we can get a better understanding of each type.

    Should we include our maintenance window in this document to exclude it from our SLA? I mean, we use this document as a reference for the SLA.

    Do you recommend any tool for handling incidents that is suitable for a small business?

  • Contingency planning

    I have just some questions regarding contingency planning:
    1. Is a contingency plan part of ISO 22301 requirements?
    2. Who should develop the contingency plan and scenarios?
    4. Are there any conflicts between having a contingency plan ready and an ITDR project? I mean, is it an obstacle for the DR project if I do not have a contingency plan ready?
    Finally, do you have a kit for crisis scenarios?
    Thanks a million.

  • How to exclude information in the definition of scope?

    We have purchased your "ISO 27001 Power Toolkit" and would need support. We, ***, offer our customers a SaaS solution. We are currently preparing for TISAX certification and are in the process of setting up the ISMS. TISAX is largely based on ISO 27001.

    Here is my question about the scope to be determined:

    Our headquarters are in *** with branches in various countries, among others in ***. Only the branch based in *** should be certified and defined in the scope. The design and maintenance of the IaaS and SaaS is specified and executed by the *** headquarters; therefore we want to treat this area (hosting), and thus its service lines, as a supplier. The problem is that employees in our IT department in the *** branch take on maintenance and administrative tasks for the EMEA area of hosting. How can this be excluded in the definition of the scope?