We have been ISO 27001 certified for 4 years now. We have had generally the same risks each year, and the existing controls are sufficient in mitigating them. At this point, we're really struggling to identify new risks to mitigate and apply a risk treatment to each year. In your experience, is it possible to get by with just "existing controls are sufficient in mitigating this risk" for all risks that need mitigating? Or is it an absolute must to show a current risk treatment plan each year?
Access control policy
Where is my question: Access Control Policy
Mandatory clauses
I have read your books that I purchased on:
Certification holder
Hi, I have a client who is seeking to be certified. However, the business is part of a larger company network. They desire to have the larger company be on the certificate, when they seek certification. Could you advise what the issues are in relation to this? They will still define the scope based on the actual assets impacted. It is just that the certificate would be issued to the holding company?
Hi
I have implemented ISO 27001 with the IT dept. as the scope, and I have successfully implemented it and got certified. Now I need to increase my scope to other departments. I need to know how I can do it. How will I go about the gap assessment? What are the controls against which I should do the gap assessment, as most of the information processing systems lie within the IT dept.?
What information do I have to protect, as the information within the other departments will be confined to paper assets? Please advise me what approach I should take to extend my scope.
Thanks
ISO and IEC
Is it accurate to refer to the Standard as ISO 27001 whereas it's reference number is ISO/IEC 27001?
ISO standard for publishing industry
Is there an ISO standard for placing records and documents into different types of categories for the publishing industry?
Decommissioning Apps/Software
Hi,
Where can I find good information on the process to follow when decommissioning apps/software/systems? I need something that aligns with ISO 27001.
Thanks,
Brian.
KPIs for ISO 27001
Hello, could you please tell me what the mandatory KPIs for ISO 27001 are?