Guest
In regards to the document, I have a few questions that I hoped you could help me answer.
In regards to change control, I noticed that your document only covers high-level changes; however, our needs go deeper as far as controlling the changes in software, virtual machines and any other aspects of our technological and development environments.
Could you assist me in tailoring this template for those needs in compliance with the ISO27001/22301?
I have a Ltd company, with only 1 employee and we deal with physical records storage in a warehouse. One of our clients has asked us to get ISO 27001 certification, but I don’t know if it’s relevant for us as I was under the impression it was more for IT security etc.?
We’ve got some questions about the documents required for ISO 27001:
On which documents do we have to write information like “User, Version, Change History etc.”? In the document “00_Verfahren_zur_Lenkung_von_Dokumenten” it is written that this procedure encompasses all documents and records, stored in any possible form – paper, audio, video – if the documents are related to the ISMS. But which documents does it concern exactly?
Similar question: Which documents have to be included in the master list and which in the incoming mail book?
And then we need to know which information could be confidential? The entire certification process of the ISMS isn’t confidential but completely public for us.
We hope you can help and look forward to hearing from you.
If the business is implementing ISO 27001 and all their servers and assets are on the cloud only, except a few laptops, and the ISMS scope is all services provided by their business in which cloud servers are being used, then my understanding says cloud servers will also be a part of the scope in the assets list for the ISMS audit. The business is assuming cloud servers should not be in the scope as they are not going for ISO 27017 certification, which focuses on cloud security. My own opinion is cloud assets would be part of the scope and they should be part of the ISMS audit. Please confirm your opinion.
If the business is going with ISO 27001 External Audit by Certification authority, and the Auditor finds on the first day of Stage 1 audit that all mandatory documents are available with right information, except Internal audit was not performed by the client so no document related to Internal Audit Program, or Record available.
My opinion says it is a failed audit with a major non-conformity at the Stage 1 audit, as the mandatory requirement of an internal audit was not performed. Should the auditor stop the audit after notifying the client? Could you please suggest your opinion on this? Can the auditor suggest that the client undergo ISMS implementation training?
Your response will be highly appreciated.
We need your assistance.
Can you confirm that this CONFLUENCE-based format is acceptable for submission to ISO or do we have to submit in a MS WORD/ODF format as per your slides/ guide?
Would like to seek your advice as below:
Scope: Provision of IT services of the Data Centre Facilities at DC1 & DC2 to the customers of ***.
Changes: DC1 is going to be migrated to rented space at DC3 in 2 years’ time, with all systems self-managed remotely
To include the Security Monitoring Centre in the scope in 2 years’ time
Questions:
1. Should DC1 be excluded from the scope, and when?
2. How to include systems hosted at DC3 in the Scope and under proper security control?
3. What will be the recommended scope statement due to the changes?
Let us know if any further information is needed.
How can the HLS be used to combine 27001 with other standards?
If 27001 was fully implemented and certified, would you pass a SOC 2 type 2 attestation?
My company asked me to do ISO 27001 to work on SOC 2. Please guide me which certification I need to do for this as there are 4 types of ISO 27001.