ISO 27001 & 22301 - Expert Advice Community

Combining ISO 27001 with other standards

Con qué otras ISOs se podría complementar?

Help with ISO 27001 implementation

Dear Advisera Support Team

I have just purchased your "ISO 27001/ISO 22301 Risk Assessment Toolkit English" because I really find your concept practical according to the free downloadable materials on your website. Unfortunately after having looked through all the contents of the package, I am not fully satisfied with the purchase while expected more examples related to the asset-threat-vulnerability approach as written here in this site:

Diagram of ISO 27001:2013 Risk Assessment and Treatment process (advisera.com)
 
Could you please help me out? What I am looking for is more examples like this, something like a collection which ISO controls could address which threat and vulnerability types, a matching table would really help me. I would like to seek your support and advise here, especially when the assets would be infrastructure elements like a Domain Controller or a VPN gateway.

The best way to include “evidences” of policy implementation

Thank you for this mail. I’m currently beginning redaction of the first documents and follow your online training. As I’m very satisfied of both ,  I’m also studying the opportunity to take a company account on advisera training for our employees awareness training.

After hours of reading and watching the very complete content of your website (blog, videos…) I don’t have any questions requiring a meeting, except one you could surely answer by email : what Is the best way to include “evidences” of policy implementation (screenshot, configurations … showing that a rule or control is implemented) ?

• put them in a folder listed in the record part of the document (one folder by audit date ?) and put link to invidual files in the document (difficult to handle as folder is not always attached to the document, especially when sent to employees who don’t need to have such evidences)
• put them in aforementioned folder, but without any link ? but this way it could be difficult to see which file corresponds to which rules/ controls
• other way ?

Once again, thank you very much for the quality of your service

ISO 27001 certification

I am an *** Branch of a Foreign entity doing business in ***, my foreign parent has taken iso certification. So by being the branch of this foreign entity do I have to apply for iso certification again in ***?

Meaning of Bomb attack and bomb threat

what's the meaning of Bomb attack and bomb threat? they mean logical bomb such as (DDOS,...)

Roles and Responsibilities

Is an obligation define roles and responsabilities for TI in a Company with different Areas or Department? and that roles must be included in the Organizational Chart?

ISO 27001 for medium-sized companies

Isn't ISO27001 a bit oversized for medium-sized companies with a company size of approx. 270 employees? especially if you are not in system-critical industries?

Required reference documents for EU GDPR & ISO 27001 Integrated Documentation Toolkit

So EU GDPR & ISO 27001 Integrated Documentation Toolkit does not include Annex A for ISO 27001. Do you have a product or book or set of items that we could buy that has the required documents so we could do the “Integrated Documentation Toolkit”? some sort of additional product addon?

Annex A controls to be applied while mitigating GDPR related risks

We are ISO 27001 compliant and we have the GDPR controls in place as well. Last time we had an external audit, the auditor had suggested that while we mentioned the GDPR related risk in the ISMS risk assessment sheet the control numbers listed were not mapped correctly. Can you advise which of the Annex A controls are to be applied while we try to mitigate GDPR related risks? Also, do we have any other Annex for GDPR related risks controls?