ISO 27001 & 22301 - Expert Advice Community

  • 27001 certification audit

  • Wiki as document repository

    An easy one. What should we do in case we have an internal wiki (such as Confluence), where we update procedures “on the go” (i.e. backup procedure), and the mandatory 27001 docs? Should I copy/paste the procedure from the wiki into, in this case, the Operating procedures for ICT, or would it be enough with a link?
  • How to implement ISO in a Bank?

    How to implement ISO in a Bank?
  • Risk management for email service

    I found two diagrams from your provided link: Diagram_of_6_steps_in_ISO_27001_risk_management_EN and Diagram_of_ISO_27001_risk_assessment_and_treatment_process_EN. As per the “Diagram_of_ISO_27001_risk_assessment_and_treatment_process_EN”, risk assessment is done based on an asset, where the threat and vulnerability are mentioned in relation to the ISMS clauses. Our observation: how can we assess the risk management of a service (for example, an e-mail service) instead of an asset (a laptop)? What would be the process?
  • Project Manager as internal auditor

    I have an inquiry about whether a Project Manager in charge of the implementation of ISO 27001 can also be the internal auditor of the ISMS and coexist with a CISO?
  • ISO 27001 and ISO 27002

    Can you break down the main differences between an ISO 27001 and an ISO 27002 certification? Is 27002 a higher standard than 27001? I want to be sure that if we are going through the effort to be certified, we are working towards the right goal for our organization.
  • ISO 27001 and GDPR

    I have a list of required GDPR documents, please can you advise which falls under ISO 27001?
  • Implementation of ISO 27002

    I would like to know which companies have implemented ISO 27002?
  • Certification of remote companies

    We've got into Conformio and I just ran into a question that I need clarification on. XXX is a 100% remote company, meaning we have no physical buildings and everyone works from home. I've been discussing with assessors and was just told that you cannot do ISO 27001 if you do not have a physical headquarters building. I need to know from the folks who know the answer. Can we do an ISO 27001 certification if we do not have a building?