Guest
How can I record ISMS Internal Audit Findings?
Does ISO 27000 cover disaster recovery? Or is it required to use ISO 22301? Would it be better to do a live consultation for this question?
I researched ISO 27001 and this is the latest on the market. Could you help me by providing a bit about how we actually get the certification after the risk assessment? For example, how do we approach and plan it? I will be very thankful to you.
I have implemented an ISO 27001 ISMS in an insurance company. Now they want to know whether they need any other cyber security framework to protect them from cyber threats, or whether the ISO 27001 ISMS framework is sufficient for them.
Our company's decision is to first check our compliance with ISO 27001. This is my project. I attended training for ISO 27001 internal auditor and ISMS manager.
So the scope of my project is to get information on how and where we comply (gap analysis) and what we still need to do (implementation plan). Based on this, our management will decide whether to proceed with activities towards obtaining certification. That will be a separate project.
Everywhere I look I can only find information on how to prepare a project for implementation, but not how to prepare a project for my scope. Can you please help me with this?
Is there a rule of thumb (or best practice) as to how many controls from Annex A need to be sustained in the SOA (for smaller companies, i.e. 50-100 employees)?
This relates to ISO 27001 and internal audit. I represent a small organization that is implementing an ISMS and that has just gone through the Stage 1 assessment.
The certification body insists that we should complete a full internal audit against all clauses of the standard as a prerequisite for Stage 2, and also annually after that. I cannot see anything in the standard that says we must do this.
Is it OK to ask for your views on this?
The certification body quotes ISO 27006 as justification. To put things in context, the company currently employs 12 people.
Great stuff on BC and other topics. I have a question. When IT has an RPO and RTO and the other activities do too, how does IT prioritize the individual systems within each activity that IT has to enable?
I understand that your illustrations accounted for the overall activities, like restoring the loans or payment processing departments and deciding which to do first. But what if within the payment processing department there are process priorities? How does the IT department know which system to enable first within the payment processing processes?
Or am I getting too granular?