Could you please let me know how to do the ISMS scope if the company does software development and also offers SaaS in the cloud? How should I scope it? I know how to do the scope; I don't know cloud, what happens in the cloud.
Recovering an ISMS project
I follow your book on ISO 27001, "Secure & Simple ...". It is really practical and useful. Thank you for your good advice.
ISO 27001, NIST CSF and NERC CIP
I saw that someone gave the correlation between the NIST Cybersecurity Framework core and NERC CIP 02-09 in the picture attached.
Risks on software development
Could you please let me know what threats and risks can befall the in-house software development cycle as far as ISMS 27001 is concerned, and also when the finished software is like CRAM and it is offered as SaaS in the cloud?
Importance of indicators in ISO 27001
What importance do indicators have in the implementation of ISO 27001?
Policy documentation
I do have a question and it surrounds control 9.1.1. We have recently streamlined a lot of our ISMS documentation and policies as they were just too wordy and difficult to use. We have a folder of SOPs (standard operating procedures) which are clear instructions on how to manage a given process and why. It covers a lot of the necessary information but in a nice, succinct and user-friendly way. I’m just preparing an audit on Access Control and, although we have an SOP on User Registration, User Joining and User Leaving (the company) which covers off a lot of the items listed in 9.1.1 of 27002 a-k, there is no stand-alone policy. I see this as an opportunity for improvement; however, I am also mindful of the fact that the company wishes to keep it all streamlined and has moved away from wordy policies, which can be more of a hindrance to the staff. I wonder whether an external auditor would be likely to pick up on this or, if all items listed in 9.1.1 a-k (27002) are covered off, whether that would suffice? I would welcome some help with this.
ISO 22301 LA course
I am already officially ISO 27001 lead auditor certified and would like to get ISO 23001 lead auditor certified as well for the benefit of the company where I work and the role which I am covering.
Communication of information security
Thanks a lot for your feedback on the matter. Much appreciated. In the meantime, would you or your colleague clarify the query below:
Secure & Simple book content
I noticed that clause 9.3 b) of ISO 27001:2013 is missing from your book under clause 9.3, which deals with management review: