
ISO 27001 & 22301 - Expert Advice Community


  • CISO role vs ISO 27001 implementer

    For a new startup, we are hiring a CISO. At the same time, we need help with the implementation of ISO 27001 as well. Is it fair to expect a CISO to implement new ISO policies, procedures, training, asset risks and risk maps? On a scale of 1-100, we are about 30 in terms of implementation. The question is: do we still need a consultant for implementation? We are about to interview candidates for CISO. What can we ask him to convince ourselves that he can do both? Do they generally come with the implementation skill, or would they be asking for an additional consultant?

    Appreciate some feedback on this. I enjoy reading your book a lot.

  • Implement ISO 27001 & ISO 22301- ISMS and BCMS Manual

    Please clarify: I couldn't find the ISO 27001:2022 ISMS manual and ISO 22301:2018 BCMS manual in your package, and they are also not mentioned in List_of_documents_ISO_27001_ISO_22301_Premium_Documentation_Toolkit_EN. I need both ISMS and BCMS manuals.

    Here in the *** market, clients want an ISMS manual and a BCMS manual to get through the client's supplier registration process.

  • Filling Procedure for Document and Record Control

    I am making a start on the documents, and I have started with 01 Procedure for Document and Record Control.

    In the “purpose and scope and users” section https://i.imgur.com/wFfvKs9.png

    We are doing both ISO 27001 and ISO 22301 together so do we:

    1. Take our Business Continuity Management System and leave ISMS to cover the two, or
    2. Put an “and” in between ISMS and BCMS so we include the two?

    I hope this makes sense.

    Look forward to your expert opinion.

  • How to update policy in Conformio?

    How do we track changes made to a policy that has already been approved and implemented, once the tasks to update it are marked as completed in Conformio, and how do we provide evidence for these changes?

    Scenario:

    We must revise a particular policy every two weeks.
    In Conformio, recurring tasks will be generated.
    The user will mark tasks as completed.
    1. How can this modification be tracked in Conformio?
    2. What evidence can be presented and where?

  • Corrective action logs

    We are working on the ISO 27001 implementation and one of the questions that popped out to us is about the corrective action logs.

    May I know what the requirements of the corrective action logs are? What elements should be included in them?

  • Toolkits ISO 27001 & ISO 22301

    I received the documentation concerning A.6 to A.17 and I have 2 questions:

    1) Where is the documentation concerning A.18 (Compliance)?
    2) What about the Annexes A.1 until A.5?

    In addition, I would like to ask if you deliver training materials about the ordered documentation. I already entered ISO 22301 & ISO 27001.

  • How can we adapt our processes to implement ISO 27001?

    How can we adapt our processes to implement ISO 27001?

  • Adapting processes to implement ISO 27001

    How can we adapt our processes to implement ISO 27001?

  • Gap Analysis Question

    I would like to know if it is necessary to define a scope to conduct a gap analysis. What is the best practice?
