ISO 27001 & 22301 - Expert Advice Community


  • Agile methodology and ISO 27001 implementation

    What book can you suggest to me for learning agile methodology and are there any forms to guide the project towards that methodology?

  • ISO 27001 and PCI DSS/ PA DSS

    How much of the PCI DSS/PA DSS scope will ISO 27001 cover?

  • Risk assessment table

    From the tutorial:

    1. Is the risk rating based on taking existing controls into account, or, in the case of no controls at all, is it rated before controls are applied?
    How does control No. 4 affect the risk level of risk No. 4?

    Shouldn't the sequence be:
    - assess risk
    - take into account existing controls
    - update risk taking into account existing controls
    - perform risk treatment for unacceptable risks and document it in the risk treatment table
    - define a risk treatment plan

    2. What about existing controls for Nos. 1-3? None implemented yet?

    3. What about controls for risks that can be accepted?

  • Risk management process

    Is the following order of steps for the risk management process, as provided in the ISO 27001 Foundations course, correct?
    Shouldn't the RTP be created before the SoA?

    1. Define risk assessment methodology
    2. Conduct risk assessment
    3. Select risk treatment options
    4. Create Statement of Applicability (SoA)
    5. Create risk treatment plan (RTP)

  • ISO 27K Competences

    Please advise on the CISO competences required by ISO 27K, i.e. those that need to be documented.

  • Risk Analysis

    I am creating documentation for risk management. The documentation says risk assessment; I want to know what the gap is that I would be missing, or whether we are talking about the same thing. The requirement to be met is: Implement a formal information risk management process that includes the identification and classification of information assets, risk impact, risk likelihood and risk scores with quantitative definitions, risk treatments, definition of treatment plans, formal follow-ups, implementation of steering committee meetings and a review cycle in accordance with ISO 27005, and carry out the first annual risk assessment.

  • Audit checklist points

    I am looking for audit checklist points that can be performed remotely while the user is working from home.

  • Risk assessment

    1. Do we need to identify the risk?

    2. What are the differences between existing controls and planned controls, and after which step can we identify them?

    3. How can we fill in these fields?

  • Internal audit

    1. Must the first internal audit be executed before the certification audit?

    2. If so, must it cover every area, or is it OK to audit some areas after the certification audit?

  • Differences between Opportunities and Objectives

    What are the differences between Opportunities and Objectives?  E.g. when is it an opportunity and when is it an objective?