We are being audited for both 9001 and 27001 at the same time, and I need to know exactly which mandatory documents held within Conformio’s 9001 need to be completed without doubling up. We need to be as efficient as possible and only complete the documents in 9001 necessary to pass the audit.
Project plan template content
1. I noticed your Project Plan Template refers to ISO 27001 but also Business Continuity Plan. Why?
Policy development
I struggle looking for practical examples of Policies that represent some of the key clauses (e.g., A18.x, A14.x or A8.x). Obviously, nobody puts up 'actual' or 'real' examples and it's a bit of a challenge to know how to write a Policy, especially when you have never done it before.
Recording interested parties
I’m currently working on listing all the interested parties in the ‘List of legal, regulatory, contractual and other requirements’ document and I wanted some more guidance on how to record the interested parties according to ISO 22301. I work for a large global company with several hundred employees, clients, suppliers, shareholders etc. In the ‘Interested Parties’ column could I just state the stakeholders as ‘employees’, ‘clients’, ‘suppliers’, ‘shareholders,’ or do I need to list every individual employee, supplier and shareholder?
Integrated implementation
Do you think if a company is working towards both ISO 27001 and ISO 22301 certifications, it should keep completely separate mandatory documents, such as the scope document, if the scope is the same? Or can it be merged? I would love to know your point of view.
Certification coverage
A customer asked for some documents involving ISO 27001, but the company in which I work is not certified directly. AWS, which is our cloud, is certified with ISO 27001. I wonder whether, since the cloud we use is certified, we "automatically" are also?
Information assets classification
1. What are the stages of information assets classification?
Auditor questions
I am wondering if you can generate a list of typical questions an auditor might ask staff during an audit.
Policy and procedure development
What is the first step we have to do to create and prepare a new bank risk management policy and procedure?