ISO 27001 & 22301 - Expert Advice Community


  • Use of Toolkit's documents

    I am wondering if I can use one document for both standards. As an example, for the project plan, can I use one project plan and integrate information about the SMSI and SMCA into it? Or do I need to make two project plan documents, one for the SMSI implementation and one for the SMCA?
  • Integrated implementation

    1 - I have a few questions regarding the planning phase of implementing ISO 27001. I was wondering if you have any suggestions on how to integrate the ISO 27001 standard with an existing quality management system? Do you have any examples of how this has been done before?
  • Lead Auditor course and ISMS certification

    Does this certificate then allow me to certify businesses as ISO 27001 compliant? How does this stage work for the Australian market?
  • Performing risk assessment

    I am trying to assist an IT Managed Services provider to implement a security framework within their organisation. Not to get ISO 27001 certified, but to give their clients comfort that they have addressed their security risks. I am looking for the process to follow in order to perform the risk assessment and then "map" their new processes to ISO 27001.
  • Auditor competences

    I know the internal audit must be performed by a qualified internal auditor. Would that have to be an ISO 27001 qualified auditor or would someone with an ISO 9001 Lead auditor qualification, if they built the ISMS, be sufficient?
  • Disciplinary process

    I hope you can provide me with some general comments. Do we need to include a breach of policy section in each of the ISMS policy documents? What if the breach of policy conditions are too strict? How do we tone them down (for example, if a staff member failed to report a breach, he/she may be subject to dismissal; too strict?)
  • Template content

    Document: Guideline on the use of cryptographic measures
  • Performing risk assessment

    How to conduct a risk assessment? I have populated the potential threat & vulnerability list. How do I populate consequence & likelihood? Please guide me with examples.
  • ISMS scope

    1. I found the scope document to be similar to the document I have; however, I struggle to understand section 3.4 Networks and IT Infrastructure. Do I only need to understand and document the existing IT environment and the infrastructure in place and in scope?
  • ISO 27001 courses

    I'm an IT consultant in xxx and I have an IT franchise here. I want to expand my knowledge of IT security. And I wonder if you could tell me a good EAD course on ISO 27001?