Could you please be so kind as to advise me on the following:
Conditions for ISO 27001 implementation
We are thinking about getting certified with ISO 27001 for our company. We do NOT have Active Directory in place right now. Can we go ahead with the certification, or will a domain decrease our load to implement the controls?
Templates content
1. Do we have to use the Measurement Report or is it enough that we mention the objectives in the Information Security Policy and mention the measuring frequency?
3rd party risk management
How can we perform 3rd party risk management, or what are the steps for 3rd party risk management?
Documentation requirements
I am using the templates at the moment. I have a question regarding the SOPs.
ISO 27001 for datacenters
Can I use ISO 27001 to claim "certification" of a data centre? The content seems more around guidelines and not sufficient to rely on, particularly if the company classifies information. In Australia the Federal Government certifies data centres from T1 (Unclassified/Public) to T4 (Top Secret). Are you aware of other countries or organisations that do this?
ISO 27017 certification
Assuming that there is an ISO 27001 certified organization and I now want to add ISO 27017 certification but do not want to write a set of procedures again, can I take only the necessary additions? For example, a Supplier Security Policy has?
Diagram of ISO 27001 Risk Assessment and Treatment Process
Do you have a diagram for all IT assets or processes like this relating to risk and mitigation?
Articles and documents update
I was wondering which is more up to date – your articles or your documents? For example, the list of threats and vulnerabilities is similar but not the same in the article Catalogue of threats & vulnerabilities https://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/ vs the Risk Assessment Excel spreadsheet.
ISO 27001 templates content
1. Not all the unacceptable risks must be documented in the SoA (selection of controls option); besides selection of controls, you can also choose to accept risks, avoid risks or share risks with third parties. If I choose one of the other 3 options, what do I have to write in my Statement of Applicability?