ISO 27001 & 22301 - Expert Advice Community


  • Preventive actions

    1.- I've downloaded the templates, but it seems that one of them is missing when I compare with the tutorial video of Dejan Kosutic. In video #112, Procedure Corrective and Preventive Actions, it shows 2 templates in 1 (Procedure Corrective and Preventive Actions), but the Toolkit which I downloaded has only the Procedure Corrective Action template. My question is: is the Procedure for Preventive Action template missing, or did you update the templates so that this template is not available anymore?
  • Segregation duties

    We have the 27001&22301 Premium Documentation Toolkit, and have enjoyed using your templates. I can't see any reference to A.6.1.2 Segregation of Duties. I'm told that we need a policy to cover this. Can you offer any advice on where to find a template?
  • What part takes the most time

    We know that the implementation takes months, so we're afraid we've missed some points! We were wondering what part takes the most time (scope, risk analysis, writing of policies and procedures)?
  • Cryptographic controls

    With regards to ISO 27001, domain 10 talks about performing a risk assessment to ascertain the appropriate level of cryptographic protection. I want to know how I can perform this risk assessment.
  • Is ISO 27002 mandatory?

    Does an ISO 27001 certification REQUIRE that you select your controls from ISO 27002, or is this just one of the options? As I see it, the goal of ISO 27001 is to ensure that you select and implement the controls that are needed based on the risks of the assets you want to protect. Period. From which control framework these controls originate (ISO 27002, NIST, BSI, Cobit, etc.) should not matter. So, an ISO 27001 auditor should not force me to use ISO 27002. Is that correct? I've asked two ISO 27001 Lead Auditors, and got two contradicting answers. What do you think? Is there any clear guidance in the ISO standards (which?) that clarifies this issue?
  • Information security management policy vs information security policy

    Is the Information security management system policy the same thing as the information security policy?
  • Risk likelihood

    If an incident has already occurred and is added to the risk register, what do we set the level of likelihood to? Do we calculate the likelihood of the impact of the risk re-occurring or set it to having a high likelihood as it's already occurred?
  • Approach for the document management

    I believe that we have to use the following approach to develop this BCM document.
  • Interfaces and dependencies

    Can you explain and give examples of the requirement in the ISO 27001 standard, 4.3 (c): interfaces and dependencies between activities performed by the organization and those that are performed by other organizations?
  • ISO 27001 Lead Auditor course content

    Does the ISO 27001 Lead Auditor course include cybersecurity topics?