ISO 27001 & 22301 - Expert Advice Community

  • GDPR vs 27001

    Can you please explain to me briefly how to perform the risk assessment for biometric data (GDPR), using a computer, one employee and a biometric reader (ISO 27001)?

  • Document content

    I’m watching the “How to Write ISO 27001 Procedure for Corrective and Preventive Action” video tutorial, and there our document is missing parts that he demonstrates are in his document. For example, the 3.1 introduction is not in our document.

  • Becoming accredited ISO 27001 auditor or implementer

    How does one become an accredited ISO 27001 auditor or implementer to be able to give the certification to other businesses?

  • ISO 27001 Process

    My problem is I am stuck at the Risk Assessment Table and Statement of Applicability stage. 

    With the RAT I think the challenge is getting started the right way: it is a daunting task that requires whole of business input and I suppose I do not feel adequately qualified to guide the process;

    Similarly on SoA I do not feel I can make the call on what is applicable, nor guide the business in the process of discovering this.

    Any guidance you can share would be appreciated and when I have some more specific questions it would be good to organise an hour of power with you (your early morning bearing in mind the time difference).

  • ISO 27001 implementation

    I'm responsible for an ISO 27001 implementation at my company. I took some courses to gain knowledge on how to implement the standard, but I still feel insecure to be leading a project so complex.

    At the moment I have a ponderation:

    - Is there another way to go over the process mapping for implementation (involves ISO 38500), or is it an indispensable prerequisite?

  • How safe is a certified company with ISO 27001 and ISO 27701?

    How safe is a certified company with ISO 27001 and ISO 27701?

  • Use of privileged utility programs

    Hi, does anyone have guidance on how to test the control relating to 'Use of privileged utility programs'? Does anyone have examples of what 'privileged utility programs' are? What specific test procedures do you conduct for this control? Thanks.

  • Customers and Register of Requirements

    In the example for this section, "XYZ bank" is identified by name as a customer in the register. We are a SaaS provider with over 1,000 companies using our product to service their clients. We certainly do not need to list each and every one since our service/product is the same for all. How would we identify our clients then?

  • Concern points 4 and 5 of document procedure for document and record

    Good morning, these items refer to the registration of incoming mail; for me, the purpose of these processes is not very clear. I would like to understand a little more about the subject. Thanks.
