ISO 27001 & 22301 - Expert Advice Community

Home / ISO 27001 & 22301

Discussions

Top Contributors

Expert

Rhand Leal

4151
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit ISO 9001 Risk Assessment Product: ISO 13485 Documentation Toolkit ISMS Internal Audit register of requirements Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit Product: ISO 27001/Risk Assessment Table ISO 9001:2015 ISO27001
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Doubts regarding the policy, scope ISO 27001:2013

    Quisiera saber como puedo plantearme el hacer los procedimientos de mi empresa si el 95% de mi infraestructura esta en AWS.
    Por ejemplo, quería pensar en si AWS puede compartirme su SOA para conocer sus objetivos y su justificación de los controles y asi alinearlos con los de AWS.
    Los únicos equipos que están en las instalaciones son las PC y todas accesan via VPN a AWS.

  • Scope of ISO 9001 and ISO 27001 integrated management system

    Should the Scope of my ISO 9001 and ISO 27001 integrated management system be a separate document or could it be written as part of my manual?

  • Internal audit options

    We have already purchased the templates.  I was trying to get information on internal audit options. Is that something your company does or do you have suggestions on who to work with?

  • ISMS framework

    I'm implementing ISMS framework for my company.
    All the critical applications for critical processes are hosted on the cloud.
    Clause 17 of ISO27001 requires Information Security aspects of Business Continuity management.
    We don't have BCP/ DR plans in place.
    Now clause 17 only focuses on ensuring Info Security arrangements in case of BCP & DR. So my question is - do I've to prepare full BCP/ DR plans to comply with the clause 17 requirements? Or is there any alternative for it? Please guide.

  • Clause 4.1 internal and external issues

    We have a question for you on 4.; what is the best way to address this requirement, should we add this verbiage to our 05 risk assessment and risk treatment methodology document (like below) or should we create a separate table and/or document where we list action, who is responsible, timeframe for the items noted below.  My original thought was to include these items in our risk assessment process but would be interested in your thoughts, thanks.

    3.6 Organization and Context

    The head of EOM Security and Compliance will be responsible for identifying any internal or external issues that could affect the intended outcome of the ISMS.  Internal issues such as resources, training, data storage, organizational roles, tools, EOM software, system processes need to be captured and added to the Risk Assessment Table.  External issues such as cloud providers, customers, the economy, technology, legislation, the environment, all need to be reviewed and added to the Risk Assessment Table if necessary.
Page 152 of 544 pages