ISO 27001 & 22301 - Expert Advice Community


  • Benefits of ISO 27001

    I'm preparing a document for my ICT Director to take to exco to justify why our organization (a central bank) should be ISO 27001 certified. Please share some links where I can find information for my paper.
  • Is Risk Treatment Table necessary?

    When there is no unacceptable risk on my Risk Assessment Table, is it necessary to fill out the Risk Treatment Table?
  • Statement of applicability A.17.1.3

    The implementation method of control A.17.1.3 talks about an [exercise and test plan] as well as a [form for review after incidents]. To which document(s) / guideline(s) are these two documents related?
  • Problems with inventory of assets

    During an ISO 27001 standard audit some shortcomings were observed on 8.1.1 on the inventory of assets schedule, and the auditor realised that the root cause is that the auditee was drawing up and maintaining the standard from their head and not from any approved process. What clause/section of the standard requires that a procedure be developed for an effective maintenance of the standard's control processes?
  • Review of the BCP

    I am performing a review of a BCP. Do you have a standard checklist or some pointers I can use to assist me in this review process?
  • Confidentiality agreements

    In our organization we have a disagreement with the Legal Department. Following the screening we carried out of our suppliers, we established the requirement that they sign confidentiality agreements, and we consider that most of our suppliers have, in one way or another, a relationship with or access to the company's information, and there are very few from whom we have not requested this. However, the Legal area's position is that it should be requested exclusively from suppliers that have a direct relationship with information security.
  • ISO 27001 vs ISO 27002

    If you resew implement ISO 27002 within the entity, do I need to have the ISO 27001?
  • Risk management and the Internal audit

    If in the previous internal audit report, the risk was low after risk treatment, did the risk management plan report on the next internal audit to be taken or omitted?
  • Identification of threats

    How do you know if you have identified all the threats to an organisation? I have had to add threats to your list as I couldn’t map all the threats I could think of back to your list. Now I am wondering what other threats I may have missed.
  • Risk management in ISO 27001 Lead Auditor Course

    One question: will this course help me for threat analysis as security manager to save manpower threat to life?