ISO 27001 & 22301 - Expert Advice Community

Home / ISO 27001 & 22301

Discussions

Top Contributors

Expert

Rhand Leal

4151
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit Risk Assessment ISO 9001 Product: ISO 13485 Documentation Toolkit ISMS register of requirements Internal Audit Product: ISO 27001/Risk Assessment Table Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit ISO Product: ISO 27001 Internal Auditor Course
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Objective for certification the university

    5 clear objective for certification the university would like to achieve according to iso22301 that is the questions

  • Annex A

    1. ISO 27001 Annexe - I have a question regarding A 14 System acquisition, development, and maintenance. We are a software development company. Does this part apply to software we develop (as a business) or only for internal soft we could develop I mean for internal use?

    2. ISO 27001 A 15 - May I apply this measure to the Critical IT supplier Only? Or should I apply to all suppliers?

    3. In annex A can we justify that we do not choose a measure by saying "company capacity is to light" or things like that?

  • Fast-track information risk assessments

    Hi,

    I have very limited time to conduct risk assessments - usually no more than an hour at most.  I think it is important to hold a face-to-face consultation to capture the initial info then follow-up by e-mail for further details to cover the inevitable gaps.

    How can I make the best use of the F2F time I have - what are the right questions to be asking when using a basic asset-threat-vulnerability methodology? 

    I appreciate this will be subjective and depends on lots of other factors - I'm just looking for a general approach at this point.

    Thanks,

    Brian.

  • ISO 22301 Communication Plan

    We have sourced the ISO 22301 documents from Advisera. Our Corporate Communications team is asking me to create a "Communications Plan and Crisis Management" Document as part of our BCP update. I don't really see any type of template for a communication plan. Is there one in the ISO 22301 suite of documents? Thank you.

  • Question about PII data

    What about PII Data? It´s necessary to get a Policy or just to make a refence to the laws

  • Annex A

    1. I love your videos. I want to be clear on something. How do the clauses and the Annex A controls work together for ISO 27001?

    2. Please does the workshop explain and takes a person through the implementation process.

  • Cryptography Controls

    Can you explain the implementation of cryptography control?

    1. Which areas we need to implement in an organization.

    2. Example of encryption and decryption policies.

  • Leadership requirements

    Ya hice la fase de diagnóstico, en la parte de implementación hice macromejoras para abarcar los puntos que no cumple la institución, en una macromejora tengo la parte de liderazgo, que puedo desarrollar para cumplir los asquectos de liderazgo? Tomando en cuenta que el proceso es de lotería impresa.

  • ISO High-Level Structure for standards

    I know that the new HLS specification structure consists of 10 clauses .. and this is derived from the concept of the continuous improvement cycle (PDCA), and when the specification pane is set on the improvement cycle, we find that some sources considered clauses (7 and 8) represent (DO) while other sources considered that clause (8) alone represents (DO) and clause (7) will be within PLAN . I wish to give me the correct and official opinion of this case
Page 184 of 544 pages