ISO 27001 & 22301 - Expert Advice Community

  • Clarification on Scope of Work

    1. What are the important considerations when defining what is out of scope in the Statement of Applicability?

    2. If I have some systems that are currently running on obsolete or unsupported technology, what does that mean for my ISO 27001 Stage 2 assessment, and what impact can it have on certification?

  • ISO 27001 Certification

    We're a SaaS company that needs to get ISO 27001 certified. We've previously been certified for FedRAMP and SOC 2, and our current documentation follows all NIST guidelines. How do we make the transition?

  • Risk treatment plan

    How do I set up a good RTP?

  • Certification ISO 27001

    How long must an SGSI (ISMS) have been operating to pass the certification process?

  • Measures and Metrics

    We have been struggling to get our measures and metrics right. Are there any best practices or education around measures and metrics?

  • How to control data tape movement during COVID19

    We are an ISO-certified organization and, due to COVID-19, we are not able to comply with some controls, i.e. the movement of backup tapes from one location to an off-site location.

    How do we address this? Is there any advisory published by ISO, or any template/format in which we can document this and obtain approval from management, which would also be helpful during the audit?

  • Corrective actions

    How can an auditor verify that agreed corrective actions have been effectively implemented?

  • Internal Audit - choice of auditor

    Is it typical in smaller companies (50-100 employees) for an external auditor to be hired for the internal audit? Or should you be thinking of somebody internal in the first place anyway?

  • Business Continuity Policy 22301

    1. I'm reading the Business Continuity Policy according to ISO 22301; I don't understand why it is written, "Because in many cases the executives have no idea how business continuity can help their organization, which means they won't be particularly interested in supporting the business continuity effort in their company." How can that be possible?

    2. If they are not involved, will that plant be closed?

  • 8.1 Operational planning and control

    Since the clause itself says "The organization shall keep documented information to the extent necessary to have confidence that the processes have been carried out as planned.", does the document in your toolkit, "Project Plan", fulfil the requirement of this clause? Since we will be planning the different phases of the ISMS implementation in this document and carrying them out accordingly, do we require any other documented information, given that it is a mandatory document, to avoid a major nonconformity?