ISO 27001 & 22301 - Expert Advice Community


  • Records and documents

    I have a general question about the templates. The templates have a paragraph dealing with the "management of records relating to this document". In this section you write down all the records for this document.
  • Templates content

    1. In some cases the controls are very similar and I could see that they are applicable to the same risk, e.g. control A.15.1.1 and A.15.1.2. Let us say that we only choose to apply one of them in order not to make it look as if we have a lot of risks (and besides that, the control is not applicable to any other risk); would there be a way we could justify this in the Statement of Applicability?
  • ISO 27001 implementation

    I am a Project Manager handling all the security projects for my organisation, where we are currently implementing ISO 27001. I have gone through most of your resources on ISO 27001 and those were quite helpful. Thanks for all those free resources, which are easily available for us to refer to and get ourselves educated on this standard. Still, I would need a little bit of guidance in implementing ISO 27001 for a small to medium-sized company; if you could provide your valuable input on how to get this implemented, it would be great.
  • Template content - awareness and training

    I have a question about the "plan for training and awareness". Out of the document, from the table:
  • Risks and ISO 22301

    I'm from Colombia and I'm trying to do a degree project in a consulting company. My question is: what risks can it prevent, or what risks found in the company can we control with ISO 22301?
  • BCM policy and a DR policy

    I would like to know and understand the difference between a BCM policy and a DR policy. I am trying to develop a BCM policy for my organisation, so I would like to understand if I need to have both policies in place or just one.
  • Controls to be implemented

    From the 114 controls, how many are mandatory to get an ISO certification?
  • Implementing ISO 27001 for outsourced SOC services

    I am looking at implementing ISO 27001 for an IT Service Provider who provides SOC services. The Service Provider has a separate team looking after Corporate IT. The scope of the certification is the services provided by the SOC.
  • Incident and Recovery Plan

    I have a question regarding the Incident and Recovery Plan. My assumption was the following: