ISO 27001 & 22301 - Expert Advice Community


  • Risk management process

    Is the following order of steps for the risk management process provided in the ISO 27001 Foundation course correct?
    Shouldn't the RTP be created before the SoA?

    1. Define risk assessment methodology
    2. Conduct risk assessment
    3. Select risk treatment options
    4. Create Statement of Applicability (SoA)
    5. Create risk treatment plan (RTP)

  • ISO 27K Competences

    Please advise about the CISO competences required by ISO 27K, those that need to be documented.

  • Risk Analysis

    I am creating documentation for risk management. The documentation says "risk assessment"; I want to know what gap I would be missing, or whether we are talking about the same thing. The requirement to be met is: Implement a formal information risk management process that includes the identification and classification of information assets, risk impact, risk probability and risk scores with quantitative definitions, risk treatments, definition of treatment plans, formal follow-ups, implementation of steering committee meetings and a review cycle in accordance with ISO-27005, and execute the first annual risk assessment.

  • Audit checklist points

    I am looking for audit checklist points which can be done remotely while the user is working from home.

  • Risk assessment

    1. Do we need to identify the risk?

    2. What are the differences between existing controls and planned controls and after which step we can identify them?

    3. How can we fill these fields?

  • Internal audit

    1. Must the first internal audit be executed before the certification audit?

    2. If so, must it cover every area, or is it OK to audit some areas after the certification audit?

  • Differences between Opportunities and Objectives

    What are the differences between Opportunities and Objectives? E.g. when is it an opportunity and when is it an objective?

  • Incident response training

    What type of training should the incident response team have to fulfill their roles?

  • Toolkit content

    I am looking for the scope for the BCMS. The 27001 toolkit is a combined toolkit for 27001 and 22301, but the scope for 27001 does not seem to cover or refer to 22301 in any way. Could you clarify for me whether there are any other missing 22301 templates from the toolkit?

  • Controls for Acceptable Use Policy and awareness

    Are the controls for Acceptable Use Policy a guide in creating security awareness workshops for staff?