ISO 27001 & 22301 - Expert Advice Community


  • ISO Log Retention

    Just wanted to know whether there has been any log retention period defined in ISO for storing system logs in terms of number of days/years. Like in PCI-DSS, there's a requirement to store the logs for 1 year; can you please confirm if there's anything of that kind from an ISO perspective?

  • 6.1.3 (f) and acceptance by top management

    Quick question: 6.1.3 (f) requires the risk owner to accept the risk treatment plan and residual risks. In your templates (risk treatment plan, Method for risk evaluation and treatment), the risk can be accepted by TOP management. Is this still in conformance with 6.1.3 (f), or do we have to get approval from all risk owners?

  • Free Calculator - Duration of ISO 27001/ISO 22301 Implementation

    1. A quick question on your calculator.
    Q. Number of physical locations. We have 5 employees who all work remotely. We don't have a physical office. So is this 5 physical locations?

    2. Another question on the calculator. One of the questions asks whether a project manager will be assigned (or something along those lines). I ticked 'yes' as I am assigned as PM and I am a PRINCE2 practitioner. Does this assume a full-time employee? I am part-time, therefore I wonder if the calculated duration would be longer if it took that into account?

  • Application of ISO 22301 certification

    I have a question. Can the ISO 22301 certification be applied to a product which aims at ensuring business continuity after a disruptive event?

  • ISMS Risk Assessment & COSO Enterprise Risk Management

    Is there anyone who has implemented COSO ERM and an ISMS together? Can you use COSO ERM to do the ISMS risk assessment? Can someone share how it is being implemented? Do you use any tools?

    Can ISMS use its own risk assessment methodology and approach that is different from COSO ERM?


  • Analysis with each standard and implementation

    How do you evaluate what to charge for the analysis against each standard and for the implementation?

  • Vulnerabilities

    Hello Advisera Team,

    I have a question about Vulnerabilities in the Risk assessment in ISO 27001: is a vulnerability something that is already in place, or something that could potentially happen in the future?

    I mean, in your example below, if we have UPS, fire extinguisher, and fire protection, are all those risks not relevant for us? So we don’t enter them in our Risk Assessment Table?

    https://i.imgur.com/5JLEMo8.png

  • Should the champions be the head of departments?

    Hi, I have recently been appointed as the ISMS lead in a small university. Currently trying to appoint the champions to work with. Should the champions be the head of departments or can I appoint other members of the department?