ISO 27001 & 22301 - Expert Advice Community


  • ISO 27001 implementation

    We are looking to implement ISO 27001 at work to be ready if we need to be certified in the future; I have a couple of questions about the ISO 27001 toolkit.

    1. Do I need to be ISO 27001 certified implementer to implement it?
    2. Will I be able to follow the toolkit documentation to implement it, if we get your ISO 27001 toolkit?
    3. Do I need the ISO 22301 toolkit too, or ISO 27001?

  • Certification of Lead Auditor for external ISO 27001 audit

    Please clarify whether an accredited external third party must use an ISO-certified Lead Auditor to conduct a certification audit. I found the following statement, but it is unclear whether the Lead Auditor must have professional certification in the ISO 27001 standard.

    "If an individual wants to issue an ISO/IEC 27001 certificate of compliance then the audit must be done by a Lead Auditor working for an accredited certification body and done using all the rules of that certification body, which will need to adhere to ISO17021 and ISO27006."

    I signed a consultant agreement with a company to assist with the ISO 27001 ISMS, which has been awarded ISO certification annually for the past eight years. The external audits were performed by BSI.

    The company is considering using an accredited body other than BSI to conduct the ISO 27001 certification audit in 2020. The Statement of Work does not indicate that the audit team uses a certified Lead Auditor to complete the ISO 27001 certification audit. The auditors are Information Security Auditors certified by ISACA, but they do not hold a professional certification in the ISO 27001 standard.

  • Information Security Games & Quiz for Employee Awareness

    To avoid raising the information security awareness of employees only through PPTs, do you suggest any source for quizzes and games for awareness? I think awareness through games and quizzes will be very useful in bringing more interest from people towards information security.

  • Business Impact Analysis

    Apart from Risk Assessment, do we have to do the Business Impact Analysis also to be compliant with ISO 27001?

    If yes, does our Document Toolkit contain the documentation for doing the BIA?

  • Cost of ISO 27001 certification and Internal auditor re-certification

    I am trying to estimate the cost of ISO 27001 certification for my company, and I am trying to figure out, for internal auditor certification, whether there is a requirement that auditors get recertified periodically.

  • Maintaining ISMS Certifications from a merging company

    This is a scenario. Company A is currently ISMS certified. The scope: Security Operation Center (SOC), located at office A, using System A. Company A needs to be re-certified by the end of February. Company B (not ISMS certified) bought over Company A. Their merging exercise is to be completed in March. They intend to relocate the SOC to location B and may use a new System B (later, after the relocation). They want to maintain the ISMS certification of the SOC (previously Company A's). Appreciate your advice: what is their action plan in order to maintain the ISMS certification? Company B also intends to extend the scope of the ISMS. New scope: the whole company? What do they need to do? Thank you.

  • Toolkit selection

    Which of your Toolkits is the best option:
    ISO 27001 Documentation Toolkit or ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit?
    Can we guarantee that the 13 points mentioned below are covered in either of our Toolkits?

    1. Encryption key management
    2. Network segregation
    3. Audit logging
    4. Patch and vulnerability management program
    5. Information security awareness, education, and training
    6. Physical and environmental security
    7. Operational procedures and responsibility
    8. System acquisition, development, and maintenance – including secure coding practices
    9. System access control
    10. Personnel security
    11. Backup
    12. Encryption at Rest
    13. Security Monitoring Practices

  • Control application

    Regarding A.17.2.1, our business is to provide services to our customers via cloud resources. Would this annex apply to all our customer-facing services as well or can it apply only to our corporate environment and part of our corporate business continuity strategy?

    Trying to determine if we can write our policy to only include corporate and not customer resources.

  • Physical penetration testing

    How does ISO 27001 view physical penetration testing?

  • Obtaining management support

    How do I convince my top management about ISO 27001/ISO 22301?