I am designing a complete end-to-end BCM project aligned with ISO 22301. I am just confused now regarding risk assessment. I do not know how to start it, because there is a dedicated function that is responsible for risk management; they have done their risk assessment and they have a risk register now. As a business continuity manager, do I have to conduct a different risk assessment? And what does it include?
Documentation content
1. Risk Assessment Table & Risk Treatment Table: What if the risk is non-existent? Would we still have to document this? Let us say, for example, that gaining physical access to the cabling room (at the office) or the server cage (at the datacenter) is nearly impossible, because you need a badge for the cabling room and, aside from that, people in the company will see the unauthorized personnel. As for the datacenter, there are 4 security procedures / authentication methods to prevent unauthorized personnel from entering.
Providing SoA to customers
I have a customer asking me to provide them my Statement of Applicability. Is it customary to provide that?
Business continuity plan
What are the phases to develop a continuity plan, according to ISO 22301:2012?
Internal audit frequency
How frequently do we need to perform an Internal Audit?
Toolkit content
I do have a couple of questions for you regarding the documentation in the toolkit. Hopefully you could answer these questions for me.
Policy for sharing files externally
Which ISO 27001 policy document describes the controls around sharing files externally?
Mandatory policies for ISO 27001
Our clients are asking us what policies we have (as part of our ISO 27001 certification). Since the toolkit is mixing up terms, can you please list what policies are mandatory for ISO 27001? Once we have this list, we can check that we have the documents labelled correctly. For instance, take the example below: is document 11.A.16 a policy document or a procedure document?
Risk control and risk mitigation
What is the difference between risk control and risk mitigation?
Toolkit updates
Thanks for your very good explanations! However, I still did not understand: after a standard revision, do I only get a new .doc template for, e.g., the scope and have to fill it out from scratch again? Or do you provide some kind of incremental change instructions?