1. Any tips on how to comply with the 27001 standard for a startup company with employees around
BIA for ISO 27001
In my company, we want to establish ISO 27001 for critical processes. Our challenge is identifying the critical business processes. We decided to do a BIA on business processes. Can you introduce us to a BIA methodology?
Technology Risk Assessment
Can you please share a sample template for conducting a Technology Risk Assessment? Can you please share the methodology document?
Elaborating documents
I have a question about the ISMS scope and the Information Security Policy documents. Can those 2 documents be joined in one? Because we are a small company and all departments will be included in the scope.
Software assessment
We maintain an approved software list for PCs in the network, and when any user requests unapproved software, a risk assessment is done for it before it gets installed. What are the key things that must be looked into when doing a risk assessment for standalone software that is an open source product or developed by a private company?
Non-risk-related reasons for undertaking work
Risk management is not the only reason firms undertake work - how do we account for Continuous Improvement that has a "non-risk" source? We maintain a Security Work tool internally in which we often define work, where the work did not come from a clear and articulated risk. Any thoughts on how to handle "general input" workload like this? Do ISO auditors assume everything must initially be articulated as a risk?
Disaster recovery plan
I wish to know if Advisera has a template or example that I can use to document a Disaster Recovery Plan of a service that is over Cloud Infrastructure (AWS).
Use of ISO 27001 standard
Can we share the ISO 27001 standard with other companies / use it for conducting assessments if we have not purchased the standard? Would that be intellectual property infringement, or does ISO have a partner program?
Obtaining engagement
How to get engagement as an independent consultant?
Evidences for audit
1. My organization is 2 months old and I have implemented an ISMS for ISO certification and have been operating it for the past 10 days. We have documented standard procedures for incident and change management. For the certification audit, do we need to give any kind of evidence if no incident or normal change has happened yet in our organization?