ISO 27001 & 22301 - Expert Advice Community

Home / ISO 27001 & 22301

Discussions

Top Contributors

Expert

Rhand Leal

4151
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit Risk Assessment ISO 9001 Product: ISO 13485 Documentation Toolkit ISMS register of requirements Internal Audit Product: ISO 27001/Risk Assessment Table Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit ISO Product: ISO 27001 Internal Auditor Course
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Incident response training

    What type of training should the incident response team have to fulfill their roles?

  • Toolkit content

    I am looking for the scope for the BCMS. The 27001 toolkit is a combined toolkit for 27001 and 22301, but the scope fr 27001 does not seem to cover r refer to 22301 in any way. If you could clarify for me whether there are any other missing 22301 templates from the toolkit

  • Controls for Acceptable Use Policy and awareness

    Are the controls for Acceptable Use Policy a guide in creating security awareness workshops for staff?

  • ISO 27001 certification coverage

    We are a global company with branch offices up to 27 countries and soon to be more. That being said, if our office gets ISO 27001 certified, will the other branch office be certified and/or have the ability to say they are ISO 27001 certified?

  • Information security requirements

    Can you help me with this query: What information security requirements should be included in contracts with suppliers?

  • ISO 27001 implementation

    Can I implement ISO 27001 as a stand-alone system or should I also implement ISO 9001

  • Inventory of assets

    Is it necessary to have a policy/procedure for asset management/inventory or is it enough to have the records showing the asset and the owners?

  • Certification of IT Service Provider

    Can an IT Service Provider get certified for ISO 27001 done out at client locations

  • Classification policy

    In the policy:

    Steps and responsibilities for information management are the following: 

    Step name
    1. Entering the information asset in the Inventory of Assets 
    2. Classification of information
    3. Information labeling
    4. Information handling

    If classified information is received from outside the organization, [role] is responsible for its classification in accordance with the rules prescribed in this Policy, and this person becomes the owner of such an information asset.

    We receive data files very often, are we required to enter each and every one of them into the inventory of assets? That sounds onerous from our perspective, and that inventory would be extremely long and a burden to keep up to date. Is it permissible to instead include a description of the data/file type that we receive ?

  • Risk owner

    1. I'm trying to find out who the risk owner would be for a technical risk (one of the nine from the STEEPCOIL)

    2. With regards to the risk categories, do you know which one a power surge or a loss of power would fall under?
Page 190 of 544 pages