ISO 27001 & 22301 - Expert Advice Community

Home / ISO 27001 & 22301

Discussions

Top Contributors

Expert

Rhand Leal

4151
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit ISO 9001 Risk Assessment Product: ISO 13485 Documentation Toolkit ISMS Internal Audit register of requirements Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit Product: ISO 27001/Risk Assessment Table ISO 9001:2015 ISO27001
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • ISMS scope of a digital bank

    can I just choose an area to scope? For example, choose Database. I'm kind of lost

  • Patch Management Policy and Vulnerability Management Policy

    We are still in the process of obtaining ISO 27001 certification. At the same time, we are receiving many many questionnaires/assessments from customers and prospects. These will hopefully disappear after the certification. In these questionnaires they require “Patch Management Policy” and “Vulnerability Management Policy”. Do you have a template for each?

  • ISMS scope of a digital bank

    eu posso só escolher uma área para fazer um escopo?
    Por exemplo, escolher Banco de dados.
    Estou meio perdida

  • BCP implementation

     want to know how to start with implementing the bcp

  • Appointment letters

    Hello Dejan. we've created an ISO Team for our ISO 27001:2013 implementation project. That being said, is it required for our HR to issue us appointment letters given that the ISO Team members' responsibilities are different from their typical job? For example, we've trained some of our employees to become Internal Auditors but their original responsibilities do not include auditing (Finance Officers, etc).

  • ISO 27001 - Cloud Services

     have a question about cloud services:

    I've read that we should include in Scope only data for SaaS, or data and application software for IaaS, etc.

    Does it mean that we have to write that in our ISMS Scope document, or is it self-explanatory and we just consider that later during Risk Assessment?

  • About implementing ISO 27001

    1 - My situation is that I am an intern at a small company whose servers are in the cloud (***), and they have a website of their own. So my question is implementing ISO27001 would be meaningless for such architecture, if not how should i define the context of the organization in such a case.

    2 - Also what sources would help a beginner like me to achieve this implementation of the standard. By the way, I started the course online in advisera titled "ISO 27001:2013 Lead Implementer Course" is it a good start?

     

  • ISMS

    I am coming near my audit for ISO 27001.  The audit firm will be looking at the information in the image below. Can you please give guidance on how to meet the requirement in the red box?

    https://i.imgur.com/1N5WwFY.png

  • Document/template used for the context of the organisation in ISO 27001 toolkit

    Can you help me with one question, please?

    Which document/template is used for the context of the organisation in the ISO27001 toolkit?
Page 146 of 544 pages