Guest
Kindly provide me with the key universal principles of segregation of duties with their explanations.
I want to know if ISO 27001 internal auditor is better for me or lead auditor. I have already completed 200+ remote audits. I just want a certification to support this.
I attended the ISO 27001 Lead Implementer video training course and I want to know whether the training content was designed by Advisera or by standards bodies such as BSI or PECB. I noted that the whole course explains a project management approach to implementing the standard, more than a security-related project. My question for the instructor is: will this training help me pass the BSI or PECB ISO 27001 Lead Implementer exam, or is it designed only for Advisera?
I am reviewing the existing ISMS scope document; the last time this document was reviewed was October 2018. What should I review and analyze in this document? Please let me know which areas I have to review.
Hello, I have been a risk analyst for 3 years and I have been carrying out a gap analysis of ISO 27001 across the 114 controls. I now have as a result a global percentage that does not tell me where I should start implementing controls. I note that this is not for certification but as a risk management process. I would like to know whether some controls are more important than others. You might tell me that it depends on which ones apply to the company, but they all apply. I should mention that I did the review at a detailed level and I have a compliance percentage per control; I would start with those that scored lowest, but I want to know whether there is an order of relevance for this case, or whether you can tell me something based on good practices. Thank you in advance for your help.
How do I establish the measurements of the ISMS?
I would ask him about completing the Statement of Applicability as our starting point to understand the scale of work (being such a small business) with regards to Annex A and which of the 114 controls are going to be necessary.
1. Would you mind please explaining to me how we can justify the inclusion/exclusion of controls in the SoA?
2. And how can we justify the exclusion of a part of the ISMS from the scope?
I'm currently setting up our QMS (ISO 9001) toward ISO 22301. Currently, I'm focusing on Clause 8 due to the BCMS requirement. I want to simplify this system as much as possible, and yet we are still implementing risk management in our system. For risk assessment, we are using SWOT, but if needed we will use the risk matrix system. Using our risk management system, we can check whether we need to go further if it hits the high-risk scale.
1 - Question: am I on the right path, and what are the pitfalls I may encounter? Some of our processes rely on a digitalized information system, and if the system fails we fall back to our manual system. We have not decided to go for ISO 27001 yet.
2 - Question: am I right to say that we only select such key cases when doing our BCMS and use those cases for the ISO 22301 certification?
3 - Final question: I saw the BIA template; it may be complicated for my staff to understand and use effectively. Question: is there any simpler template to use?
How can I define Equipment and what equipment to include, i.e. in A.11.2.4 Equipment maintenance? Also, for asset inventory and ownership, how do I define which assets are in and out?