ISO 27001 & 22301 - Expert Advice Community


  • ISO 27001 implementation

    If I buy the ISO 27001 Toolkit, do the templates take into account an integration into an already implemented ISO 9001?

  • Information Security Policy vs IT Security Policy

    My company has purchased your workshop and documentation toolkit for the ISO 27001 implementation. We are working on the documents, and the Statement of Applicability is posing a real challenge.

    One thing, though, I want to be clear on: in your documentation, folder 02 (General policies), I see the information security document, which is a relatively short document and not very detailed. However, in the Statement of Applicability, I see that reference is made many times to the IT Security Policy, which means it should be quite an extensive document.

    Please, is the Information Security Policy the same as the IT Security Policy?

  • SoA and selection of control A.11.2.9 Clear desk and clear screen policy

    I have a question about the SoA and the selection of control A.11.2.9 Clear desk and clear screen policy.

    1. How much room is there for modifying the procedure concerning the control, if there is only a need for the clear screen policy but no need for a clear desk policy?

    2. Can one select the control as applicable on the SoA and then write a procedure concerning only the clear screen policy (or, if required, adapt the clear desk policy only for specific areas such as conference rooms, reception area, etc.)?

  • Preparation to comply with ISO 27001:2018

    How should we prepare in order to comply with ISO 27001:2018?

  • Supplier Security Program (Annex A 15 Supplier Relationships)

    I am a little unclear on what the scope of the supplier management program should include. I am well informed about the risk-based approach for vetting and ongoing oversight and management, but I am wondering whether the control only extends to suppliers where agreements are maintained, or whether it extends to any and all vendors that provide products and services to my organization (e.g., Adobe, open source tools, etc.). For instance, we use software where we simply accept the terms of use, like Adobe or video editing software. Obviously, we would not treat all vendors the same in terms of vetting and ongoing reviews, but we are not clear on whether we still need to include every single third party on our vendor spreadsheet with their classification, or whether the list should only include those that we have classified as high risk or critical.

  • Non-conformance

    I want to ask: staff members were observed using their own phones in the processing area even though the company policy clearly prohibits the use of phones. Is it a major non-conformance or a minor one? I cannot completely understand the difference between them.