ISO 27001 & 22301 - Expert Advice Community


  • Risk assessment

    How to Perform Risk Assessment

  • Risk assessment

Greetings. I am doing my risk assessment and I have some doubts about it.

    For example, one of my assets is the server, and the threats to it are several, for example fire, flood, etc. If I have already reduced those threats by installing a fire suppression system, alarms, extinguishers, an isolated room, etc., do I have to include them in my assessment, and from there assign them a value that would come out as acceptable or unacceptable? Or is the risk assessment done with what is already implemented?

  • Question about documents

    Hi all,

    1 - Are documents covered by the document control policy only security-related E.g. regulation, or is it any company document?

    2 - Is there a clear definition of external documents? The concept seems nebulous. Maybe a sample policy we can look at with some examples of what other organizations do may help.

    3 - For example, an email is an external document, so would someone be tasked to archive them somewhere in this policy?

  • New version of ISO 27001 standard

    Do you know when the standard is up for changes so I can be a little better prepared?

  • Is ISO 27002 part of ISO 27001?

    Is ISO 27002 part of ISO 27001?

  • Fiber optic cable risk

Sir, I need the risks that arise from working with fiber optic cable.

  • External audit

Some time ago, non-conformities were identified during an external audit. I would like to know whether, with the tools you provide, it would be possible to have the elements needed to respond to these non-conformities and also to face other audits.

  • Questions about ISO 27001 implementation

Thank you for the information you sent; we have a few questions.

    1. Is there any difference between ISO 27001:2013 and ISO 27001:2014? We understood that 2014 was the most current version. We wanted to base our implementation on 2014.

    2. We are currently at the Diagnosis stage of our process, to identify the critical factors within the processes. For this stage, which templates would be most advisable to use?

    3. Once the Diagnosis part is finished, our next stage was to carry out the implementation of the ISMS, indicating the necessary controls and monitoring. In this regard, is there any recommendation on which template to start the implementation part with?

    We would greatly appreciate any suggestion, or an indication of which information to review in more depth so that we can get on the right track.

  • ISO 27001 rules to consider for usage of documents

Does ISO 27001 give any recommendations or rules to be respected on the usage of documents based on their level of classification? For example, is a document classified as confidential permitted to be saved on a public cloud, and under which conditions?

  • ISO certification: 7.4 Communication

We are contacting you regarding a request we have: the auditors are asking about point 7.4 Communication in the ISO standard. We bought the templates from you, but the templates do not include this point. Could you please provide a template for point 7.4?
     
7.4 Communication

    The organization shall determine the need for internal and external communications relevant to the information security management system including:

    a) on what to communicate;
    b) when to communicate;
    c) with whom to communicate;
    d) who shall communicate; and
    e) the processes by which communication shall be effected.