ISO 27001 & 22301 - Expert Advice Community

Home / ISO 27001 & 22301

Discussions

Top Contributors

Expert

Rhand Leal

4151
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit ISO 9001 Risk Assessment Product: ISO 13485 Documentation Toolkit ISMS Internal Audit register of requirements Product: ISO 27001/Risk Assessment Table Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit AS9100 Product: EU GDPR Documentation Toolkit
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • ISO 22301 certification

     I have two questions and I hope you can help finding the answers.

    1. When looking for certification in *** I realize that there are not really a lot of people with experience in 22301. I talked to *** and they all struggle to find a proper contact to talk to. On the ISO Website, I saw the 2018 survey than resulted in a total of 1128 certifications worldwide and only 7 in ***. Do these numbers seem correct to you? Do you know German companies with a 22301 certification?

    2. We realized that a cyber attack is a very likely threat. As Financial Services we rely heavily on our IT department (who is in the process of getting certified by 27001). How can we handle that in the scope of the BC Plan? Is it OK to delegate the responsibility to IT or do we have to come up with our own detailed plans? We need to come up with ideas and plans on what to do when such an incident occurs and how we e.g. bridge the first hours and days, but it is difficult to take ownership for fixing the IT part. How can that be handled?

  • ISO 27001 implementation

    Hi I'm trying to get a start on implementing iso27001 for my approx 250 person company.

    1. In addition to the kit I bought from you I purchased the standard from iso... I now realize I should have also bought 27002 so I can get more details on the controls. Is there a package you recommend that has everything I need in it? I'd prefer to get that instead of having to keep asking my cfo for permission for each thing.

    2. Also, I've done the foundations course but I am still feeling a little overwhelmed with where to start... I think risk assessment methodology is the place, but not sure.

    3. I've started going through the docs and updating them with our company info etc and the roles I expect for certain things but not sure if that is the right thing to start with. Thanks in advance for any direction

  • The best combination to use for IT Audit

    what is the best combination to use for IT Audit from COBIT, ISO and ITIL

  • ISO 27001 compliance testing

    Hi. I wanted to get a high-level view of the types of testing i should do for ISO27001 compliance for a new website being built, and the ball-park cost estimates of the price I should be paying an external organization to do that testing?

  • Risk Assessment

    Our organization is ISO27001 certified. Now we need to go for risk assessment. I am confused as our external consultant company is saying that they are using Risk Assessment Matrix as per ISO 27005 & ISO 27001.


    whereas our newly hired auditor is saying that the external consulting company is wrong and we should use Nihari or Octavia..

    My question is that as an ISO 27001 certified organization what should we use?

  • BAU activities

    I missed the live session but really enjoyed the recorded version. During the session, you mentioned that it is possible to ask from you directly. I have this project to get this company ISO 27001 certified, this is a small company in the *** with 3 employees in there, 2 developers in ***, and about 40-50 customer service agents in the ***. They are collecting medical records for lawyers and actually, the *** based team is carrying out the BAU work scanning the documents, etc. *** staff only do sales and management, so the operation is fully at a remote location. The persons there are not employees but like sole traders, using their own devices to access the company’s portal to manage the documents.

    We want to save money to limit the certification to the US company, so the auditors won’t need to visit the Philippines, however, the ISMS scope needs to be the operation and management of the medical record collection and handling service.

    I’m thinking to recommend to the client to handle the BAU activities as outsourced, and we will set the controls from A.15.

    I would appreciate your input.

  • Evaluating the effectiveness of the procedure

    Hello!. We recently purchased the ISO 27001 toolkit and I was wondering why the procedures state what to check when evaluating the effectiveness of the procedure? Where is that requirement from?

  • Recording ISMS Internal Audit Findings

    How can I record ISMS Internal Audit Findings?

  • ISOs 27000 and 22301

    Does ISO 27000 cover disaster recovery? Or is it required to use ISO22301? Is this better to do a live consultation for this question?

  • Getting certification after risk assessment

    I researched about ISO 27001 and this is the latest in the market. If you can help me with providing a bit about how do we actually get the certification after the risk assessment. Like how do we approach and plan? I will be very thankful to you.
Page 166 of 544 pages