ISO 27001 & 22301 - Expert Advice Community

Home / ISO 27001 & 22301

Discussions

Top Contributors

Expert

Rhand Leal

4151
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit Risk Assessment ISO 9001 Product: ISO 13485 Documentation Toolkit ISMS Internal Audit register of requirements Product: ISO 27001/Risk Assessment Table Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit Product: ISO 27001 Internal Auditor Course Product: EU GDPR Documentation Toolkit
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Time to implement ISO 27001

    Would like to ask if we want to setup the information security system and pass the UKGC audit before 20 May 2019, is it possible? We need a really professional and efficiency consultant to handle the project in our Malta office.

  • Asset inventory

    I am looking to create an Information Asset Register (IAR) for ISO 27001 but also want to use it for GDPR rather than create a separate register.

  • Protecting against external and environmental threats

    I purchased the ISO 27001 toolkit and I’m looking for a policy that would cover controls A11.1.1-4. I see the Procedures for Working in Secure Areas but that only appears to cover A11.1.5.

  • Information Security Management course for non IT professionals

    Would you please let me know how is it fit the Information Security Management course for non IT professionals?

  • Scope definition

    We are a small IT services provider with 6 employees and are planning for ISO 27001 certification. I have a couple of questions regarding the scope and legislative requirements if you could help me please.

  • Gap Analysis and planning audits

    Could you please give me few important factors that help decide the

  • Risk Assessment responsibilities

    1 - In an organization, who should perform the IT or Cybersecurity Risk Assessment ?

  • Risk Assessment

    A question regarding Risk Assessment: We are implementing ISMS from scratch and let‘s say we do not have any policies. My questions is if we can change the order of actions in regards of risk treatment. Let‘s say that I develop some policies before assessing risks (because it‘s obvious that I know that some policies are mandatory and I know main principles of what should be defined in those policies). By doing that I shorten the list of risks with unacceptable level. And after the risk assessment I will have maybe only append some changes to those policies.

  • Templates content

    1. Regarding the Statement of Applicability: I've did some research and what I've seen is that I don't have to write policies / procedures for each risk. What I could also do is accept risks, avoid risks or share the risks with third parties (in this case insurers or suppliers). In that case I assume I'd have to say that it isn't applicable in the Statement of Applicability, but what do I write at the selection for non-justification tab?

  • ISO 27001 Toolkit content

    1. Does the ISO 27001 document package include technical specifications for the implementation of Annex A controls?
Page 256 of 544 pages