This week we are going to finish our documentation. Can you recommend auditing agencies?
Integrating ISO 27001 and ISO 9001
My organisation is in a service-based industry where we want to integrate ISMS and QMS...
What are the steps that we should follow on integrating the same?
Internal/External auditor role
I would like to know what the role of the internal/external auditor is in the implementation and audit of standards 27001 and 22301, as well as that of the person responsible for information security. Is there a document where I can see this information?
ISMS implementation
I am not getting the point that
How to start implementing ISMS?
Which department to select?
ISMS scope for cloud environment
Could you please let me know how to do ISMS scope if the company does software development and also offers SaaS to the cloud? How should I scope it? I know how to do scope, but I don't know the cloud and what happens in the cloud.
Recovering an ISMS project
I follow your book on ISO 27001, "Secure & simple ...". It is really practical and useful. Thank you for your good advice.
ISO 27001, NIST CSF and NERC CIP
I saw someone gave the correlation between NIST Cybersecurity framework core and NERC CIP 02-09 in the picture attached.
Risks on software development
Could you please let me know what threats and risks can befall the software development cycle in-house as far as ISMS 27001 is concerned, and also the finished software is like CRAM and it is offered as SaaS on cloud?
Importance of indicators in ISO 27001
How important are indicators in the implementation of 27001?
Policy documentation
I do have a question and it surrounds control 9.1.1. We have recently streamlined a lot of our ISMS documentation and policies as they were just too wordy and difficult to use. We have a folder of SOPs (standard operating procedures) which are clear instructions on how to manage a given process and why. It covers a lot of the necessary information but in a nice, succinct and user-friendly way. I’m just preparing an audit on Access Control and, although we have an SOP on User Registration, User Joining and User Leaving (the company) which covers off a lot of the items listed in 9.1.1 of 27002 a-k, there is no stand-alone policy. I see this as an opportunity for improvement; however, I am also mindful of the fact that the company wishes to keep it all streamlined and has moved away from wordy policies that can be more of a hindrance to the staff. I wonder if an external auditor would likely pick up on this or, if all items listed in 9.1.1 a-k (27002) are covered off, that would suffice? I would welcome some help with this.