I have a couple of questions about the Risk assessment:
Toolkit content
1. I have gone through the toolkit and couldn’t see some of the mandatory documents under Annex A; for example, under A.6 Organization of information security I didn’t find all the mandatory documents.
Background check
1. Is it mandatory to do a background check for all the employees?
BCP sample
Wondering if you have any suggestions on specifics of security requirements in BCP? How to write it? From A17 control perspective. I did go through your webinar on ISO 22301, but was curious if you have any sample case study of BCP and security requirements in it?
A.12.5.1 concepts
I have a question about control A.12.5.1: what does “software on systems in the organisation” mean and include? Does it include the workstations of the employees too?
Integrating management systems
I’m still reviewing the toolkit. One question I do have is about integration with 22301: should I treat these as separate systems or try and produce one set of documentation?
Defining an ISO 27001 implementation project
I was told that you are the main expert on the ISO documentation. My organization wants to put a project plan together on filling all of this out and we’re wondering if you have estimated timelines that it takes to perform the various activities. Obviously every organization is different but general guidelines would be good to help us with staff scheduling.
Business strategies
I intend to understand how I determine business strategies, taking into account the business impact analysis results (Specifically, impact of processes, interdependencies, RTO and RPO) and risk assessment results (Specifically, the type and cause of risk, the level of risk - inherent, residual). Which variables in practice are all relevant in determining business strategies?
Concept definition
I am wondering, in the 08_Annex_A, A.14; Annex – Requirement specification related to information system: what do you mean by “Information system”? Do you have any example? We are not sure we understand that term.
Becoming auditors
How can we be auditors for ISO prerequisites in Arabic countries? We are a network security company in Jordan.