ISO 27001 & 22301 - Expert Advice Community

Home / ISO 27001 & 22301

Discussions

Top Contributors

Expert

Rhand Leal

4151
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit ISO 9001 Risk Assessment Product: ISO 13485 Documentation Toolkit ISMS Internal Audit register of requirements Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit Product: ISO 27001/Risk Assessment Table ISO 9001:2015 ISO27001
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Root cause analysis and corrective action plan

    When we get ourselves checked for surveillance of ISO 27001 standard, we do receive non-conformities. We perform a root cause analysis and corrective action plan for the non-conformities and work to conform them. I would like to know if you have a template to perform the root cause analysis like the fishbone method etc.

  • Is ISO 27001 relevant for clinical data management?

    Is ISO 27001 relevant for clinical data management?

  • Audit and Risk Management

    I'm in the process of an audit for license and patch management for an internal audit...Which documentation is needed for such audit process?

  • Advice on ISMS implementation for Group and subsidiary companies

    Please I need some professional advice

    A holding/group/mother company with other legal subsidiary companies want to implement ISMS for the group with the scope including the subsidiary companies.

    The Group company and the subsidiary companies are all located at the same place

    The same staff works for both the Group company and subsidiary company

    They both share the same assets.

    But the subsidiary companies offer different products and services

    What do you suggest should be the best way to implement the ISMS towards achieving Certification?

  • Questions about risk

    1. What is the expected risk level of the residual risk? Assume acceptance is below 3, should a residual risk level be more than 3 having implemented all controls

    2. Clause 6.1.1 requires actions to address opportunities.
    a. What are opportunities -  in relation to ISMS
    b. What are the actions to address opportunities

    3. What determines likelihood of occurrence in risk assessment ? Is it the frequency for occurrence of an activity/process?

  • CFO exclusion from ISMS Scope

    I’d appreciate your help/reassurance on a query regarding our ISMS scope.

    Context

    For our ISMS scope, I have added in an organisation chart. On the basis of your advice stating that 3rd parties are out of our remit of control I have made our CFO (he is an independent consultant) and shareholders out of scope.

    Question.

    In the section, exclusions from scope, are we okay to exclude the CFO/Finance function and shareholders from the scope?

    Thank you in advance for your guidance on the above,

  • Example of a completed Risk Assessment Table

    Do you have an example of a completed Risk Assessment Table I could look at please. I am interested particularly in the numbering system. It seems to me the numbering should run by asset not by vulnerability, so 1.1, 1.2 etc until next asset.

  • List of documents for BCMS

    Es factible contar con una lista de documentos secuencial solo para SGCN.
    Te comento que actualmente ya contamos con un SGSI implementado e iniciaremos en breve la implementación de nuestro SGCN. Respecto a los documentos, adquirimos el paquete completo para que nos ayude a complementar el SGSI que actualmente tenemos.
Page 138 of 544 pages