I am busy with the Risk Assessment of ISO 27001 and just want to find out if I should calculate the residual risk based on the treatment plan, which has not been implemented as yet, or should I wait for the treatment plan to be implemented before populating the residual risk?
Template content
1. Item A.18.2.2 and A.18.2.3. What would be the policy that I can use to cover these 2 points? I could not find any documentation in the toolkit.
Section A.18.1 Compliance with Legal and Contractual Requirements
I would like to know which form I should use to fulfil this requirement.
BIA questions
I was going through, with the implementation team, some of the templates which we have purchased under the toolkit, one of which is the BIA questionnaire. We would like to know if you have a list of definitions for the questions in the BIA template. We would want to have a common understanding of each of the questions. Examples are shown below.
ISMS vs ISMF
Can you tell me what the difference is between an information security management system and an information security management framework?
Document review
I would just like to ask what the most appropriate document review frequency for ISMS policies & procedures is: should it be yearly or bi-yearly?
Audit standard
I have started my career as an Info security consultant, where I will be a part of audit and risk assessment.
ISO 27001 certification
I have a question on ISO certification. If I plan to use a common control framework during planning of a security program consisting of the NIST CSF core, NIST 800-53, ISO 27002k, GDPR, etc., then in future can the organization be certified with ISO 27002k?
Physical access control
Please, I'll be needing your clarification on a particular ISO 27001 control, A.11.1.2 Physical entry control.
Inputs for risk assessment
As per my knowledge, we first list ALL the information assets and, based on evaluation of CIA (rating of medium/high/VH), we proceed to perform the Risk Assessment. However, as per ISO 27k:2013, the trigger for identifying risks starts from extracts of internal and external issues while documenting scope. Can you please explain if I should consider both the extract from the BIA (medium/high of CIA) + the trigger from internal issues and external issues for Risk Assessment, or otherwise?