ISO 27001 & 22301 - Expert Advice Community

  • ISO 27001 change process: 2013 to 2022

    If a certified ISMS is changed from being compliant with ISO 27001 2013 to being compliant with the new ISO 27001 2022, is it still (in theory) actually going to be compliant with both versions? Also with the 2013 version? And suitable for being audited against the old version too? My point is that this could give flexibility for the change process, and it could be started straight away.

  • Confidentiality Level & the ISO 27001 Standard

    1 - Should all documents have a confidentiality level?

    2 - Also, in the standard's Annex A there is a table of 'A' numbers, for example A.12.1.3. How do I link these to the clauses in the standard? For example, 9 Performance evaluation?

  • Trying to map additions

    Thank you for the last answers (https://community.advisera.com/topic/risk-treatment-and-rtp/#comment=reply-21525).

    I have two topics and questions about them. 

    I have the new Advisera ISO 27001 2022 Toolkit. I am trying to map additions caused by the new version of the ISO 27001 2022 standard’s main part (clauses 4 to 10) in the Toolkit, e.g. 6.3 and 8.1 among others, but cannot seem to find them.

    Are the standard’s changes such in nature that they can be seen as already included in the old version of the document templates? Or why can I not find them?

    Can an ISO 27001 2013 certified company make all the changes required for the new ISO 27001 2022 version and, if compliant, certify against the 2022 version in the middle of the 3-year validity period in one of the surveillance audits?

    It probably is required to have internal audit done against 2022 version before certification?

  • Procedure for document and record control

    We are actually working on the document 'PROCEDURE FOR DOCUMENT AND RECORD CONTROL'.

    For ***, I am guessing whether it can be Conformio Platform or not.

    Each external document that is necessary for the planning and operation of the ISMS must be recorded in the *** or in the *** according to their form. The *** and the *** must contain the following information: sender, document name, and date of receipt.

    The person who receives such external documents in paper or other physical forms (e.g., through regular mail or as courier parcels) must make a record in the ***. The person who receives external documents in electronic form (e.g., through email) must record them in the ***.

    Question: I would like to know if we can use Conformio instead of a CRM (which makes no sense in this case).

  • Code of Conduct

    Hi Team, can you please let me know how I can create our Code of Conduct please? thanks.

  • Annual Review Templates

    Are there any templates for evidencing annual reviews of supplier security documents?

  • Starting the implementation

    I have now opened the zip folder ISO 27001 & ISO 22301 and found two folders for ISO 27001:2019. I ask for an explanation.

    When I opened the first folder, I found documents that probably allow both standards to be processed in an integrated manner, is that correct?

    I actually wanted to start one project after the other, and not both at the same time. I wanted to start with ISO 22301 separately, how is this possible please?

  • Risk Treatment and RTP

    I have questions about risk management, I was wondering if you could help me with these.

    Does ISO 27001 require a risk treatment plan as one single plan, or is it applicable to make risk treatment plans per risk and approvals per risk? And if it is applicable, what elements per treated risk must be present (responsibility, timetable, etc.)? The question arises because of a risk software which allows making a risk assessment and treatment and planning treatment on a per-risk basis; there is no means to collect all risks in one single plan (which has treatment descriptions).

    Does ISO 27001 require a documented comparison procedure of the controls (determined in 6.1.3 b) with those in Annex A? The question arises because the before-mentioned software has no means to make up a control comparison in a composed way, e.g. a control table to use for comparison (like the Advisera Risk Treatment table template has).

  • ISO27001 Toolkit materials

    We recently purchased the Advisera ISO27001 Toolkit. We are working through the documentation and have a query we would appreciate your advice on. We believe we need to document the following couple of controls and policies:

    Human Resources Security Policy
    Data Leakage prevention policy 

    We noticed there are no templates for these in the Annex folder, although they appear to be referenced in other providers' template packs. Are we missing files, or can you point us in the right direction?

  • Control A.18.1.2

    Working on 18.1.2 (intellectual property rights), how can we prove compliance with this control? Do we simply need to have copies of the agreements we have with each piece of software used? And be prepared to prove that we are operating within the agreed terms?
