ISO 27001 & 22301 - Expert Advice Community


  • BS25999 and ISO 22301

    I have seen that your ISMS toolkit still refers to BS 25999 in addition to ISO 22301. Is there any specific reason?
  • Confidentiality level of a document

    Would you mind telling me what level of confidentiality the "policy for the use of cryptographic measures" usually has?
  • Difference between Risk Treatment Plan and Corrective Actions

    Hi, I'm not clear on why we would use 2 different documents for how we treat a risk identified and using the corrective action form. Can you give me examples so I can see the difference when they're used?
  • Performing risk assessment

    Hi, I follow your articles diligently, all of them; big admirer of your know-how. One topic I couldn't find detail on was actually doing Risk Analysis. The issue is that when we do RA, we have defined assets and then put the owner and then the C I A value; in assigning CIA values for different assets, would it be done based on the value of that asset to the company or the threat marked for that asset? Which method would be correct, as I haven't seen any article anywhere explaining this? If it is based on the value of that asset to the company, then chances are the CIA markings for an asset would be the same for different threats for a company; would that be correct?
  • Questions about risk assessment and treatment

    Last year I bought the ISO 27001 package to implement an ISMS for a customer. I used all the documentation, but the auditor wants to know the risk analysis method used (méhari? Ébiseler? etc.)
  • Assets for risk assessment

    Could you give me a sample of assessment table for middle range organization?
  • Scope definition

    Is it true that a company can get ISO 27001 certified for only one part of the organization? That is, for example, only the Systems area?
  • ISO 27001 systems audit

    I would like to know a little about systems audits: how control domains are evaluated and what each control domain consists of.
  • Implementing ISO 27001

    I'm planning to implement ISO 27001 for a friend's company, which is a security guards company. He wants to get certified and be a pioneer, but I don't know how to apply the ISO to his specifics. Can we apply any point for physical guard security in the ISO?
  • Audit questions

    Two quick questions, if I may. I have an argument with the certifier (who in the end is always right…)