Guest
How can I show that the consideration of interfaces and dependencies is in place in a company? From the IMS manual or where?
Why does ISO 22301 not talk about aligning with a DRP process? We live in a digital world and to recover requires a strong DRP and also a link to a crisis management center, either virtual or real. None of the standard means anything without an IT disaster recovery program and DRP site to make it happen.
Hi - I am ploughing through the ISO 27001 toolkit I purchased a few months ago, but I haven't yet set up the complimentary live consultation. I plan to after I am a little more progressed. In the meantime, I am really struggling with the above.
We are a small SaaS startup. Do you have a non-confidential example document of this schedule you can send to me to get me started sketching out some example requirements from the likes of Employees, Shareholders, Clients? Government Act compliance is pretty straightforward.
In which document is my question: Internal audit report
Question:
Is the "audit trail" (in German the "Prüfpfad") the audit method?
Questions about which documentation was checked, with whom were interviews conducted, which systems were checked are pointing to the method (in my understanding).
Does it make sense to include the Confidentiality Agreement and the Declaration of the acceptance of ISMS documents in the Plan for Training and Awareness? As an awareness action?
Would you mind telling me what the average retention time of such a plan is? The template says: "This document must be kept for [number] of years"
Hi, we've achieved ISO 27001, we are in our second year. I'm struggling with how to organize all the evidence, records, documents so I can access them quickly especially when an external auditor comes. Any suggestions?
12.8 Review of information systems - I would like to hear your consult and opinion on how and what is required for Review of Information Systems or IT Audit Plan.
I have a question about the record of the Disaster Recovery Plan (chapter 8). The record talks about "the record of the implementation of the recovery step". Does it mean a record about one step? Or can we describe in this record different steps?
At university I am taking a course called "Systems Auditing", where we study the ISO 27001 standard. I have a presentation soon on how to comply with control A.15 and I have many doubts; I would like a little help from an expert.