ISO 27001 & 22301 - Expert Advice Community

Home / ISO 27001 & 22301

Discussions

Top Contributors

Expert

Rhand Leal

4151
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit Risk Assessment ISO 9001 Product: ISO 13485 Documentation Toolkit ISMS register of requirements Internal Audit Product: ISO 27001/Risk Assessment Table Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit ISO Product: ISO 27001 Internal Auditor Course
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • CISA or CISM course

    I would like to have the CISA and CISM certification and want to know which of the ISO 27001 courses meet that. Is it the Lead Implementer or the Internal Auditor course?

  • A.12.7.1 Information Systems Audit Controls

    1. Does executing the Penetration Tests on the regular basis serves the purpose to be compliant with this Control or do you suggest any other method? 2. Do we need to Document a Formal Process of the Penetration test and execute it accordingly?

  • ISMS scope

    Are internal depts providing services to an ISMS scope, but not part of the scope managed as 3rd party suppliers

    My specific question is actually regarding asset ownership for assets in a 27001 scope which is a business unit in a company and not the entire company. How are asset owners addressed/managed if they are actually working in a business unit external to the scope. For example, IT assets used within scope, however, they are owned by a Group IT function? I do hope this makes sense?

  • Acceptable use policy

    I have a quick question, the acceptable use policy.

    1. When it is ready, can it also be used as information security policy? As a more detailed version?

    2. And secondly, is it necessary that employees sign the acceptable use policy? Or is it good enough to communicate the policy within the organization?

  • Company records

    Why is it not best practice to classify all company records as confidential?

  • 27018 controls

    Re ISO 27018, we have a substantial amount of our infrastructure in the cloud (Azure and Google).  Do we need to apply any 27018 controls, or can we cite the compliance of Google and Microsoft with the ISO standards to check that box?

  • Risk analysis process

    At the moment, I have a query. In my experience, risk analysis is a process that takes a long time to implement in companies (in some cases 3 years to make the first turn). And how do we know it starts and never ends. In this regard, what is the level of initial risk analysis that they recommend? taking into account that generally when an organization decides to implement the security policy as soon as possible.

  • Process diagram

    1. I would like to know if there is an excel template to register a new change.

    2. And the other thing is about the process diagram. I believe it is essential for that document.

  • ISMS scope - Networks and IT infrastructure

    I just started to look into your ISMS scope template and video but 3.4 Networks and IT infrastructure not explained your video tutorial.

    About my company: It's a *** based software development company (mobile apps and web development) and around 15 employees working in my company.

  • 5.1 Leadership and commitment

    1. What Template in our Toolkit contains this Clause?

    2. Can we be compliant with this clause maintaining our Information Security Policy? If yes, what shall we give emphasis on apart from company Policies and guidelines?
Page 179 of 544 pages