ISO 27001 & 22301 - Expert Advice Community

  • Contractual obligations

    Hi Dejan!

    I hope you are well and don’t mind me reaching out. I am in the process of drafting legal and contractual obligations for the company ISMS and wanted to ask if you would kindly be able to share an example of each?

    I’m struggling to find examples online, particularly for contractual requirements and how this should be documented.

    It would also be good to know, in your experience, the average number of legal and contractual obligations a medium-sized organisation would usually need to have.

    Any help would be greatly appreciated.

  • ISO 27001 applicable legislation

    Are you able to advise on the applicable laws and regulations in scope for ISO 27001 in the UK? If you are unable to confirm the applicable law for specific countries, then can you please advise on the standard regulations?

  • Change Management in Conformio

    Good morning. Please advise as to whether there are procedures regarding Changes required in Documents within Conformio, for example, artifacts pertaining to ISMS. If so, are they related to a Formal Change Management Procedure? If so, where is this Recorded?

  • Residual risk

    Thanks for a very informative webinar on risk assessment. I have 3 questions please:

    In your experience, what would you say about multiple risk assessments for in-scope business units as opposed to one asset-based risk assessment for the company? I ask because I work for a large company with over 3000 employees, and it’s hard to do one risk assessment for the entire company as different assets are owned and managed by different teams/business units, and these even overlap sometimes, e.g. an asset may have multiple owners.

    How would you determine the residual risk scores after you have implemented the controls to manage risks identified? Do you create another 2 columns for impact and likelihood after the initial impact and likelihood assessment that resulted in the inherent risk scores?

    In terms of scoping the risk assessment, you mentioned using our ISMS scope statement, but our scope isn't based on assets but on processes?

    I look forward to hearing back from you.

  • CISO role vs ISO 27001 implementer

    For a new startup, we are hiring a CISO. At the same time we need help with the implementation of ISO 27001 as well. Is it fair to expect a CISO to implement new ISO policies, procedures, training, asset risks and risk maps? On a scale of 1-100, we are about 30 in terms of implementation. The question is, do we still need a consultant for implementation? We are about to interview candidates for CISO. What can we ask him to convince ourselves that he can do both? Do they generally come with the implementation skill, or would they be asking for an additional consultant?

    Appreciate some feedback on this. I enjoy reading your book a lot.

  • Implement ISO 27001 & ISO 22301- ISMS and BCMS Manual

    Please clarify: I couldn't find the ISO 27001:2022 ISMS Manual and the ISO 22301:2018 BCMS Manual in your package, and they are also not mentioned in the List_of_documents_ISO_27001_ISO_22301_Premium_Documentation_Toolkit_EN. I need both ISMS and BCMS manuals.

    Here in the *** market, clients want an ISMS Manual and a BCMS Manual to get through the client's supplier registration process.

  • Filling Procedure for Document and Record Control

    I am making a start on the documents, and I have started with 01 Procedure for Document and Record Control.

    In the “purpose and scope and users” section https://i.imgur.com/wFfvKs9.png

    We are doing both ISO 27001 and ISO 22301 together so do we:

    1. Take our Business Continuity Management System and leave ISMS to cover the two, or
    2. Put an “and” in between ISMS and BCMS so we include the two?

    I hope this makes sense.

    I look forward to your expert opinion.

  • How to update policy in Conformio?

    How can we track changes made to a policy that has already been approved and implemented, once the tasks to update it are marked as completed in Conformio, and how can we provide evidence for these changes?

    Scenario:

    We must revise a particular policy every two weeks.
    In Conformio, recurring tasks will be generated.
    The user will mark the tasks as completed.

    1. How can this modification be tracked in Conformio?
    2. What evidence can be presented, and where?

  • Corrective action logs

    We are working on the ISO 27001 implementation and one of the questions that popped out to us is about the corrective action logs.

    May I know what the requirements for the corrective action logs are? What elements should be included in them?
