ISO 27001 & 22301 - Expert Advice Community

Home / ISO 27001 & 22301

Discussions

Top Contributors

Expert

Rhand Leal

4151
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit Risk Assessment ISO 9001 Product: ISO 13485 Documentation Toolkit ISMS register of requirements Internal Audit Product: ISO 27001/Risk Assessment Table Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit ISO Product: ISO 27001 Internal Auditor Course
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Nonconformities and corrections identified during and audit

    Can you record nonconformities and corrections in the same document that you are using to capture risks?  Example is that we have a risk register spreadsheet which covers all requirements and would like to only have one document capturing all of this if it is allowed.

  • First steps towards ISO 27001

    We're looking to start the journey towards ISO27001, but we're not sure where to start. As far as I'm aware we need a Gap Analysis to identify the scope of the project, is this something you could assist with?

     

  • Information security in project management

    What are some of the evidence you can show as demonstrating the practice of information security in project management

  • Conformio implementation plan with ISO 27001

    We bought Conformio Implement plan with ISO 27001 Documentation toolkit - can we use Conformio as document storage (it's DMS) since one on the procedures in the toolkit asks us to define this. We would like to keep all our documents on Conformio.

  • Roles and responsibilities for ISMS specific processes

    Are there any specifics roles and responsibilites that should be defined that are specific to ISMS

  • Legal, regulatory, and contractual requirements

    I was wondering if you had any specific tips on filling out the legal, regulatory, and contractual requirements as part of the Appendix? Would you recommend talking to each country’s office and each department as to which rules they have or merely searching online to see what there is?

  • Risk assessment question

    1. Pls correct me if my process is wrong, I have identified one risk title and risk level (High) after done risk assessment on one application, then this risk is treated by risk acceptance by risk owner in the period of acceptance time. Thus the risk level after this treatment I keep same level (High) and status close for the period of acceptance time then will be open again after period of acceptance time is over.

    2. Risk level of same risk title could be different or not after done risk assessment on different applications?
    I do appreciate for your kind comment and support.

  • Service as a Scope?

    Hello, 

    in the Scope Webinar it is said that software cannot be a scope, but a department can be.

    And what about a service? In our case, it is software support service, which we offer to our clients. Can it be the scope?

    Or in that case we have to formulate the scope as a department who performs the software support service?

    Thank you!

  • ISMS documents

    Que formatos debo utilizar para el cumplimiento de las cláusulas y controles de ISO27001. (Por ejemplo registro del alcance de SGSI, FODA - para conocimiento de saber a donde a punta la empresa y determinar su objetivos y alinearlos con el SGSI)

  • Risk treatment options

    Do we need to specify the treatment control for transferring risk to third party.
Page 160 of 544 pages