ISO 27001 & 22301 - Expert Advice Community

  • Audit evidence

    We recently went through our external audits, and one of the findings that the auditor is looking for is the interface or integration of ISO 20000-1:2018 and ISO 27001. This is not a requirement of the standard, but this is something he is asking for.
    Can you help us with the same?

  • ISO27001 - Who should sign off on a risk?

    What is the best practice? Is there any recommendation as to who is responsible to sign off on a risk?

    Is it CIO, CISO, Board of Directors or someone else?

  • Template contents

    I had noted that the toolkit covered the elements below but what about 18.1.2a&b, 18.1.3, 18.1.4&a&b, 18.2.1 and 18.2.2?

  • Cyber-security Career

    I am a software professional with around 16+ years of IT experience, having worked as Developer, Support Lead, ERP Technical Manager, Delivery Manager, etc.
    For the last couple of years, I have wanted to venture into the cybersecurity domain and start my career in the cybersecurity space.
    Could you please advise me on how and where to start my path into this interesting zone?

  • Remote audit

    Hi - I am getting ready to conduct an ISO 27001:2013 internal audit of an organization. The plan was to conduct onsite visits in other countries. Question: Can I conduct a remote audit if possible?

  • Risk assessment

    A question about Risk Assessment: we're a small company (5 full time, 2 part-time staff). It would be simpler for us to say that the Information Security Officer is the asset owner for all assets. Is there a problem in doing that?

  • ISO 22301 book

    Sorry to disturb you. I'd like to ask you if the 22301 book on Amazon is related to the 2019 version or the 2012 one. Thanks.

  • ISMS documentation

    How do I construct an ISMS document and supporting documents?
    My management is not in agreement to do the Business Impact Analysis Worksheet and the Risks and Opportunities Register to proceed.
    How can I convince them to do so?
    I need your continuous support in managing the ISMS to achieve certification.

  • Template content - List of Legal, Regulatory Contractual requirements

    Now I have 2 questions if you could help me with these:

    If I choose to use 02.1 Appendix 1 (List of Legal, Regulatory, Contractual requirements) right at the start of the project (because Annex A control 18.1.1 is also likely to be applicable), could you explain to me:

    • 1. How detailed a description should be used when documenting “legislative, regulative and contractual requirements”? I mean, do you need to write down the Act of the suitable law and name every individual contract and its points (vendor name, contract point and description of the matter)?
    • 2. What does the standard mean by “identify and document the organization's approach to meet these requirements”?

  • Templates content

    Hi, which templates cover the following ISO 27001 clauses?

    A.8.3.1
    A.12.5.1
    A.12.6.1