ISO 27001 & 22301 - Expert Advice Community

  • Logs Management

    I wanted to know what's the best approach to manage all the servers' application and security event logs. I mean, should we keep the security event logs separate from the application logs, or can we have them all in one place?

  • Risk Assessment Table

    I bought in the past the Advisera ISO 27001-EU GDPR templates, but when I started using the Risk_Assessment_Table_27A_EN I found that the catalogue of Threats and Vulnerabilities is not sufficient or complete enough to manage a risk assessment in a good way. Is there a more detailed list of Threats and Vulnerabilities?

  • Mandatory Procedures

    You mention in your ISO 27001 implementation checklist at point 10 that companies have to implement 4 mandatory procedures. Could you let me know what these are, please?

  • Implementation of the function segregation matrix in a small company

    I need help or a tip: what is the best way to formalize a function segregation matrix in a small company?

  • Implementation of the function segregation matrix in a company with 130 employees

    I need help or a tip on the best way to formalize a function segregation matrix in a small company.

  • Considering ISO 28000 for outsourcing hosting of their software products

    One of my 27001 clients is asking about whether they need to consider ISO 28000 as they outsource the hosting of their software products.

    Do you have any guidance on this?

  • Clarity on the certifying body and the cost for it

    Is there any specific value in the certifying body, as there are many academies which are providing this certification? Does a certificate from a not-so-popular one have any weight in the market?

  • Difference between BCMS and Risk Management System

    How does a BCMS differ from a Risk Management System?

  • Gantt chart as a project plan for the ISO 27001 project

    We're trying to build a Gantt chart as a project plan for the ISO 27001 project, and we're looking to see if you have any of the steps documented beyond filling in the docs themselves. E.g., folders 04 and 05 will require training users; missing controls under folder 14 will need to be built, tested, and deployed, such as enforcing BitLocker. Folder 13 seems to address some of this based on mitigating risk from the risk assessment. Still, we're hoping this is already in a project doc with the assumption that we are 0% complete, so we can pull out what's unnecessary or already implemented.