ISO 27001 & 22301 - Expert Advice Community


  • ISO career

    I have been working in IT support for the last 10 years, and during that time I have had 5 years of experience with ISO 27001 and ISO 9001 implementation. Now I have decided to switch my career entirely to ISO standards, so I am studying ISO 27001. Please suggest whether this is a good move or whether I should continue in IT support.
  • SoA update

    Hi, should we update the statuses in the SoA on an ongoing basis, or is this done annually?
  • Security objectives for IT Helpdesk function

    As per my understanding, the IT Helpdesk function deals more with quality than with information security. So, if it is added to the scope of ISO 27001 certification, what kind of security objectives can we define and measure for the IT Helpdesk function? Could you please help?
  • Documentation content

    1. I am working through the Statement of Applicability and have found that the control objectives listed in the Statement of Applicability do NOT align with those found in the PDF "ISO 27001 Controls and Objectives". The Statement of Applicability shows the control for A.6.1.2 as "Segregation of duties", but when I go to the PDF of the 27001 Controls and Objectives it shows A.6.1.2 as "Information security coordination".
    2. Based on the response, can you please provide the 2013 Annex A list of controls and objectives, as the one I have is from 2005 and does not align with the Statement of Applicability in the toolkit.
  • Asset inventory and Organizational context

    1. What should we document for people assets, and how is risk treatment done for them?
  • Secure development KPIs

    Thank you for all your advice. I'm wondering if you can share some thoughts around KPIs to measure compliance with a secure development policy. Practical tips only please: any reports you can think of that InfoSec can ask for. The scenario is agile/DevOps.
  • ISO 27005 study material

    I am currently pursuing ISO 27001 Foundations from Advisera. However, before going ahead with an Auditor/Implementer course, I am interested in understanding the ISO 27005 standard. Would that be the right move? Also, I can't seem to find an ISO 27005 course on Advisera; can you point me to some reference material for study?
  • Mapping the threats against relevant Annex A controls

    I am using the standard threats and vulnerabilities from ISO 27005 to risk-assess my organisation. Do you know of a document that directly maps each example threat against the relevant Annex A controls?
  • Minimal documentation for certification

    So far, we have only edited the following documents in the toolkit, as I was on a month-long annual leave:
  • Employees awareness

    I need to make my employees aware that we're implementing ISO 27001, but I'm not entirely sure what to say. Is there an email template I could use, or could you point me in the right direction in terms of what I need to communicate to my employees in the email I'm going to send them?