ISO 27001 & 22301 - Expert Advice Community

Home / ISO 27001 & 22301

Discussions

Top Contributors

Expert

Rhand Leal

4151
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit Risk Assessment ISO 9001 Product: ISO 13485 Documentation Toolkit ISMS Internal Audit register of requirements Product: ISO 27001/Risk Assessment Table Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit Product: ISO 27001 Internal Auditor Course Product: EU GDPR Documentation Toolkit
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Implementing asset register

    "Tengo que hacer un sistema para un auditor, utilizando la norma iso 27001

  • Filling in the List of Requirements template

    1 . We are in the beginning stages of implementing ISO 27001. We have purchased your ISO toolkit. We are working on the 02 Identification of Requirements documentation. Please help us in understanding the following for the Appendix 1 – List of Legal, Regulatory, Contractual and Other Requirements document: How detailed do we need to get when listing our requirements? Do we need to list each requirement in the ISO (Annex A), HIPAA, or other standards and determine the responsible person for each? Or, can we just reference the standard?

  • 27001 certification audit

  • Wiki as document repository

    An easy one. What should we do in case we have an internal wiki (such as Confluence), where we update procedures “on the go” (i.e. backup procedure), and the mandatory 27001 docs? Should I copy/ paste the procedure from the wiki into , in this case, the Operating procedures for ICT, or it would be enough with a link?

  • How to implement ISO in a Bank?

    How to implement ISO in a Bank?

  • Risk management for email service

    I found two diagrams from your provided link: Diagram_of_6_steps_in_ISO_27001_risk_management_EN and Diagram_of_ISO_27001_risk_assessment_and_treatment_process_EN. As per the “Diagram_of_ISO_27001_risk_assessment_and_treatment_process_EN” where risk assessment is done based on asset where threat, vulnerability are mentioned related to ISMS Clauses. Our observations: How can we assess the risk management of any service (For example: e-mail service) instead of asset(Laptop). What would be the process?

  • Project Manager as internal auditor

    I have an inquiry about if a Project Manager in charge of implementation of the ISO 27001 also can be the internal auditor of the ISMS and coexist with a CISO?

  • ISO 27001 and ISO 27002

    Can you break down the main differences between an ISO 27001 and an ISO 27002 certification? Is 27002 a higher standard then 27001? I want to be sure that if we are going through the effort to be certified that we are working towards the right goal for our organization.
Page 237 of 544 pages