ISO 27001 & 22301 - Expert Advice Community


  • Consulting

     We received this question:

    Cordial greetings!
    I need to carry out a diagnosis of the Business Continuity Plan - ISO 22301 and the information security management plan - ISO 27000 for a company in the health sector. Could you recommend a bibliography?

  • Objectives documentation requirements

     In an ISMS project, should there be a separate document for high-level information security objectives and another for low-level objectives? High level in the Information Security Context, Requirements and Scope document and low level in the ISMS Policy document?

  • A.6.2 Mobile Device and Teleworking Policy

    Our team has recently started to look into the documents from the package.
    At this moment I am trying to start working on the “A.6.2 Mobile Device and Teleworking Policy”. In this document, there’s a point which says:

    "protection of sensitive data must be implemented in accordance with the [Information Classification Policy]"

    Can you please provide some guidance here: what should we add in the Information Classification Policy, or what kind of techniques can help us to implement this process?
    Can you please help us with this document at the earliest possible.

  • ISO 27001 Security Awareness Training

    Hi,

    Can your awareness training cover some of your controls without the need to document them further? Say, for instance, I have a slideshow presentation and it covers media handling. Is it OK to say that the control is selected in the SoA and reference out to the training document?

    Thank you,

  • A-14.2.5 - Secure system Engineering Principles

    As per ISO27001, “Secure system Engineering Principles” is a mandatory document. I went through multiple threads in https://community.advisera.com as well. Is there any specific reason why Advisera doesn’t provide a template for the same in the Toolkit, in spite of its being a mandatory document?

  • List of regulatory, contractual and other legal obligations

    I noticed that in some comments on the templates, the links that involve videos or articles to clarify the correct filling of the document are broken, especially those from *infosecpedia.info domains and in some cases from *iso27001standard.com.

    I would like to know what to fill in the columns of the "List of regulatory, contractual and other legal obligations"?

  • RACI MATRIX ISO 27001

    In order to establish the responsibilities for ICT and Information Security, I would like to know whether you have perhaps already prepared this type of document. Thank you very much.

  • Annex A

    Hello, I bought ISO27001 full package documents.
    I'm wondering if all of the items in Annex A are mandatory?

  • Internal Audit

    In reference to your conversation, could you please advise who should approve the Internal Audit?

    We have a CSO and an AVP, Info Sec.