ISO 27001 & 22301 - Expert Advice Community

  • Transition Online Course content

    Note that I have questions about some of the content. For example, the text of the documents provided and the corresponding quizzes state that the purpose of the update to ISO/IEC 27001 was to bring it into alignment with ISO/IEC 9001. However, ISO states: "The main changes are as follows:

    — the text has been aligned with the harmonized structure for management system standards and ISO/IEC 27002:2022..." Also, if I remember correctly, the verbal content said this as well. My opinion is that the goal of the updated ISO/IEC 27001 was to align with ISO/IEC 27002 and the Annex SL structure. Just my opinion.

  • Supplier questionnaire

    Hi, I need help to produce the following for suppliers that we work with: I need to confirm the correct questions to send out, risk scoring and a policy. Below are questions for suppliers regarding their security posture.

    • Confirm which of the following you have in place: Firewall? IDS or IPS? Secure configuration? Anti-virus/Malware Protection? EDR/MDR/XDR? Patch Management? Access Control? Multi-Factor Authentication? Email spam filtering? Network behaviour monitoring?
    • Do you know what devices connect to your network and who has access?
    • Do you follow any security frameworks?
    • Do you have Cyber Essentials?
    • Do you conduct vulnerability and penetration testing?
    • Do you have backups?
    • Do you have a security and acceptable use policy?
    • Do you have information security policies in place?
    • Do you have access control policies in place?
    • Do you conduct cyber security awareness training?
    • Do you have a disaster recovery plan?
    • Do you have an incident response plan?
    • Do you have anything in place with your supply chain to combat a cyber-attack?

  • Conformio documentation

    Clause 7.4 – Communication (how to evidence the communications plan). Where do I find this information on the system?
    Clause 8.1 – Operational planning and control (to see the ISMS Calendar/Planner). Where do I find this information on the system?
    Clause 9.1 – Monitoring, measurement, analysis and evaluation (to see the measurement & metrics and measurement results). Where do I find this information on the system?
    Clause 10.2 – Continual improvement (to see the ISMS continual improvement log). Where do I find this information on the system?
    A.18.2.2 – Report of information security compliance monitoring from various Managers/Heads of Heads or plan of action. How do I capture or evidence this in the system?

    And finally, how do I use Conformio to test the effectiveness of the ISMS in the organization?

  • CRM Document Management

    As it is a small company, it would be beneficial to complete most document management within the CRM to enable embedding security in all aspects of service delivery. What is the likely view of auditors of such an approach? This would of course be reflected in the Records Management document.

  • ISO/IEC 27001 Audit

    Good morning,
    A company has a very reliable system and over time no security incidents, failures or occurrences are found that justify the opening of non-conformity processes.
    Note: the system is very robust and the demand for using it is much lower than its capacity.
    During an audit, can the auditor question the absence of these records (incidents and non-conformities), that is, consider that these events occurred but the company did not record them?

  • Approved Certification bodies

    Hey everyone, really nice to join this forum.
    I just have a very quick question that I hope someone can assist me with.

    Does anyone know of the best way to validate a certification body, and what certificates that certification body is authorised to issue?

    I've found https://uafaccreditation.org/, just wondering if there are any others that will allow me to validate my results about a potential fake certificate.

  • ISMS audit

    How do I perform an ISMS audit with efficient suggestions to the consultant and client to ease the gap on the risks and controls in the standard?

  • Planned implementation of changes to ISMS

    I bought the new kit for 27001:2022. I'm missing a document on the new chapter in the documentation:

    Chapter 6.3 Planned implementation of changes to the ISMS.

    When will something be added?

  • Toolkit documentation

    Which document in the toolkit is relevant to clause A.7.5 (Protecting against physical and environmental threats)? And to A.7.8 (Equipment siting and protection)?

  • DR distance

    What's the distance for a disaster recovery site?
