As I have been assigned the task of creating overall IT Security policies and procedures documentation, I have chosen ISO 27001 guidelines to help me define the scope of documentation required for my company to be ISO certified this year and to submit the documentation for one of the security requirements imposed by the UK tender framework.
Categorization of assets
Regarding asset identification, when dividing into primary assets (business processes and information assets) and supporting assets (hardware, software, people, documentation, etc.), how should you assess, regarding information assets, what is categorized as a primary asset vs. a supporting asset?
ISO 27001 implementation and certification
I work as a freelancer. A company has asked me to implement the network and manage it in such a way that the most important asset is the information. They tell me that it applies ISO. My question is whether applying the standard is the same as certifying. If I apply the standard but do not certify, I'm not sure what happens. I need to understand the subject.
Risk assessment
I am working on my risk register now and I have identified 100 threats. How many are usually identified?
Risks and opportunities
In the organization in which we work, we have implemented and certified the Information Security System according to ISO 27001:2013, as well as Quality in accordance with ISO 9001:2015. It turns out that the observations generated in the audits are that we must implement, justify and better evidence the Opportunities in what corresponds to requirement 6.1.1, Actions to address risks and opportunities.
Various questions regarding toolkit
1. Let us say that the laptops and/or servers (or let us say in general asset types) have the same purpose, would we have to multiply each risk by 3 just because there are different Asset Owners?
27001 training
I'm interested in getting my ISO 27k1 training and cert. However, there is a huge discrepancy between training vendors. I'm new in Switzerland (originally from Canada), and find it extremely expensive here compared to similar programs in the EU. Also, the courses seem to differ slightly. Some offer an intro for 900€-1200€ and others are 2000€+ for what seems to be the same. In Switzerland it's 3500 CHF+ just for the intro. Are there preferred study methods and certification routes?