ISO 27001 & 22301 - Expert Advice Community


  • Mapping the threats against relevant Annex A controls

    I am using the standard threats and vulnerabilities from ISO 27005 to risk assess my organisation. Do you know of a document that directly maps each threat example against relevant Annex A controls?
  • Minimal documentation for certification

    So far, we only edited the following documents in the toolkit, as I was on a month-long annual leave:
  • Employees awareness

    I need to make my employees aware that we're doing ISO 27001 but I'm not entirely sure what to say. Is there an email template that I could use or would you be able to point me in the right direction in terms of what I need to communicate to my employees in the email I'm going to send them?
  • Secondary site location

    I have a problem about the standard distance between primary data center DC and secondary data center DR. What is the standard distance worldwide?
  • Controls objectives

    I am working on the Statement of Applicability for a client. Where it asks for “Control Objectives” there is a comment that says: They should be defined for each of your controls and made measurable if possible; however, you can also copy objectives listed in clauses categories in Annex A. Where are the objectives listed in the clause categories in Annex A? I have reviewed Annex A and do not see this.
  • Regulatory compliance

    How to determine the appropriate level of completeness in regulatory identification of an ISMS according to the scope? My doubt is because I found gaps between the SoA, the scope and the A.18.1 controls and I'm not sure how to handle them.
  • IATF 16949 and ISO 22301

    I'm the QS Mgr. At the moment we are IATF 16949:2016 certified. Hence a Contingency Plan per clause 6.1.2.3 is a must and is already in place per the std. Is there a need to go for ISO 22301? How are they different?
  • Testing cyber security

    To test the cybersecurity risk, control system, plan and strategy for a chosen organisation, does it need software or some link?
  • Resources for ISMS and BCMS implementation

    How much manpower will I need to implement ISO 27001 and ISO 22301?
  • MAO vs RTO

    What's the difference between the MAO (Maximum Acceptable Outage) and RTO (Recovery Time Objective)? Let's say the MAO is 8 hours; shouldn't the recovery time be 8 hours as well? Isn't it the same thing?