ISO 27001 & 22301 - Expert Advice Community




  • Submitting CAPA for NC on opportunities for Improvement

    I had a query. Can you kindly support me? Do we need to submit CAPA for NC on opportunities for improvement?

  • ISO 27001


    I need some clarification about documents 5.1 and 5.2 of ISO 27001.
    In the "Number" field, exactly what should be entered? Is a sequential number enough?

    Thank you in advance.

  • Which bodies are obligated to have ISO 27001 certification?

    Hello, I want to know which bodies are obligated to have an ISO 27K certification?

  • Audit Checklist

    I am currently reading through the Audit Checklist of your ISO27001 package.

    I am confused by the mixing of Business Continuity and IS Tasks.

    While there are many BC Questions that are irrelevant for my purposes, I am missing the entire section 8 of ISO27001.

    Also, when adapting the BC Tasks for IS, I later find that comparable questions are stated in later sections.

    Can you perhaps provide an updated Checklist with better focus on ISO27001?

  • Requirement of Clause 8.1

    Greetings! I already bought your 27001 kit, but I do not see where it addresses the requirement of Clause 8.1.

  • Statement of Acceptance of ISMS Documents

    We're a fairly small organization with only a few employees and a handful of 3rd parties helping us out with sales, compliance etc.

    We have used the "Statement of Acceptance of ISMS Documents". Could that be sufficient for "awareness training"? I mean that they sign this after reading all the documentation? Or we could add a few questions related to the policies that they were required to answer when submitting the statement?

    Would this be sufficient? Or is it expected by the auditors that we've bought some online tool to manage this such as the awareness training you and other companies offer?

  • Conflicting approaches to Risk Assessment

    I need to reconcile what appear to be two conflicting approaches to Risk Assessment:

    The toolkit's approach is as follows: Assets - Threats - Vulnerabilities. The Conformio approach is Assets - Vulnerabilities - Threats. Please explain.

  • ISO 27001 - feedback about some documents

    Could you please give me feedback regarding documents 10.1, 10.2, 11.2 and 12.1?

    They are indicated as mandatory, but we think they must be filled in after the audit step, right?

    Maybe only document 10.1 must be filled in now.

    We are waiting for some news.

  • Implementing controls

    Another question please: in implementing an ISMS to ISO 27001 standards, should all the controls in a particular policy be implemented? E.g., A12.1.1, Controls against Malware, in the implementation guidance in ISO 27002 has 12 controls. Should all 12 controls be implemented in order to meet the requirements of the standard?

  • ISO certification questions

    I purchased the ISO 27001 Toolkit and have two questions:

    1) Are the risk assessment documents in the toolkit in line with ISO 27005? E.g., after we as an organization are ISO certified using the toolkit, can we say we adhere to ISO 27005?

    2) ISO is international, so it would be the same in Canada as it would be in New Zealand, as an example?
