ISO 27001 & 22301 - Expert Advice Community

  • ISO 27001: ISMS

    I have implemented an ISO 27001 ISMS in an insurance company. Now they want to know whether they need any other cyber security framework to protect them from cyber threats, or whether the ISO 27001 ISMS framework is sufficient for them.

  • Project before implementation

    Our company decision is to first check our compliance with ISO 27001. This is my project. I attend training for ISO 27001 internal auditor and manager of the ISMS system.

    So the scope of my project is to get the info on how and where we comply (gap analysis) and what we still need to do (plan for implementation). Based on this our management will decide to go into activities towards obtaining certification. This will be a separate project.

    Everywhere I can just find info on how to prepare a project for implementation, but not how to prepare a project to get my scope. Can you please help me with this.

  • Statement Of Applicability

    Is there a rule of thumb (or best practice) as to how many controls from Annex A need to be sustained in the SOA (for smaller companies, i.e. 50-100 employees)?

  • Internal audit against all clauses of the standard

    This relates to ISO 27001 and internal audit. I represent a small organization that is implementing an ISMS and who has just gone through the Stage 1 assessment.
    The certification body insists that we should complete a full internal audit against all clauses of the standard as a pre-requisite to Stage 2 and also annually after this. I cannot see anything in the standard that says we must do this.

    Is it OK to ask for your views on this?

    The certification body quotes ISO 27006 as justification. To put things in context, the company currently employs 12 people.

  • How does IT prioritize the individual systems within each activity that IT has to enable?

    Great stuff on BC and others. I have a question. When IT has an RPO and RTO and the other activities do too, how does IT prioritize the individual systems within each activity that IT has to enable?

    I understand that your illustrations accounted for the overall activities, like restoring the loans or the payment processing departments and which to do first. But what if, within the payment processing department, there are process priorities? How does the IT department know which system to enable first within the payment processing processes?

    Or am I getting too granular?

  • Advantages and disadvantages of certification against ISO 27001 standard

    Advantages and disadvantages of certification against ISO 27001 standard

  • Certify company in safe data destruction and recycling

    We need to certify our company in secure data erasure, whether by software methods or by destruction of disks, and to be able to demonstrate or certify that the data is unrecoverable for the machines decommissioned by the client.

  • Inventory of Assets template

    I was wondering if you can help me with the document "A.8.1_Inventory_of_Assets_27001_EN".  I am wondering what goes under "Impact" as this part is not clearly explained.