ISO 27001 & 22301 - Expert Advice Community

  • Asset inventory content

    I have a question about column F of the asset inventory ("implication / consequences"). The toolkit comment says to transfer the data from the risk treatment directory. We don't have each asset from the asset inventory listed in the directory for risk treatment. Should column F only be filled in if it appears in the risk treatment directory?
  • ISO 20k risk management process for BCMS

    I currently have a set of Risk Management Process which is written up using the ISO 20K SMS objectives. There is already a risk treatment and risk plan, with the risk methodology based on ISO 31000:2018 standard. Question is:
  • System/App Retirement & Decommissioning

    Hi, What would be the most appropriate ISO 27001 control sets relevant to system/app decommissioning? I want to reference them in a procedure document. Thanks, Brian.
  • Statement of Applicability

    I am trying to understand if I need to refer to all the controls of Annex A. Meaning, do I need a table of compliance that indicates which controls I used and marks the others as NA, or a similar tool? I read a paper that you wrote and it does not refer to the above specifically. Can you please clarify?
  • Risk assessment approach

    I'm currently working on research on the best option for Risk-Assessment (RA) Methodology and Templates. I believe that a process-based RA methodology would be more easily applicable in our case (for an upstream Oil & Gas company) than an asset-based methodology.
  • Record management

    In addition to our conversation, I would like to clarify where in the Toolkit (or something else) there are templates of the documents which describe the procedures for recording and storing information about information security incidents, as well as managing them.
  • Security and compliance

    Which will be the certification to take for someone working in Security and compliance department in an organization - software development organization?
  • Annex A controls

    I'm a Cyber Security student trying to understand a little more about ISO 27001:2013. Would you be able to provide a summary of the control sections in Annex A please?
  • ISMS Manual

    Do you know if an ISMS Manual is still required for compliance with ISO 27001? I have read that this feature is not required anymore.
  • CMMI and ISMS

    Is there any material I can refer to which integrates / maps CMMI and ISO QMS and ISMS?