Guest
Please, I need some professional advice.
A holding/group/mother company with other legal subsidiary companies wants to implement an ISMS for the group, with the scope including the subsidiary companies.
The group company and the subsidiary companies are all located at the same place.
The same staff works for both the group company and the subsidiary companies.
They all share the same assets.
But the subsidiary companies offer different products and services.
What do you suggest would be the best way to implement the ISMS towards achieving certification?
1. What is the expected risk level of the residual risk? Assuming acceptance is below 3, should a residual risk level be more than 3 after having implemented all controls?
2. Clause 6.1.1 requires actions to address opportunities.
a. What are opportunities, in relation to the ISMS?
b. What are the actions to address opportunities?
3. What determines the likelihood of occurrence in a risk assessment? Is it the frequency of occurrence of an activity/process?
Context
For our ISMS scope, I have added in an organisation chart. On the basis of your advice stating that 3rd parties are outside our remit of control, I have placed our CFO (he is an independent consultant) and shareholders out of scope.
Question.
In the section on exclusions from scope, are we okay to exclude the CFO/finance function and shareholders from the scope?
Do you have an example of a completed Risk Assessment Table that I could look at, please? I am particularly interested in the numbering system. It seems to me the numbering should run by asset, not by vulnerability, so 1.1, 1.2, etc. until the next asset.
Is it feasible to have a sequential list of documents just for the BCMS (SGCN)?
I should mention that we already have an ISMS (SGSI) implemented and will shortly begin implementing our BCMS (SGCN). Regarding the documents, we purchased the complete package so that it can help us complement the ISMS we currently have.
I have been tasked with setting up the IT Governance, Risk and Security department from zero, and was wondering what approach to take to make it easy to adopt as well as practical, and that would allow me to introduce policies and guidelines to mitigate risks as I go along.