ISO 27001 & 22301 - Expert Advice Community


  • Controls in third party facility

    We have implemented 27001 in our organisation head office. We own the premises and so can control the environment and all the information security requirements where the premises are concerned. We are now implementing 27001 into a secondary office. Here we use around 10 public buildings, these are free of charge, we have no contract in place and they are not a supplier. How can we implement the controls when it is out of our hands? For example we have no control over the perimeter or their utilities, we have no control over who comes into the building, etc. Mainly those areas in A11? How do we comply with 27001 in this case?
  • Risk treatment plan

    I have finished doing your e-learning course on 27001 Internal Auditor and am still not sure if you need to include the treatment of all risks in the Risk Treatment Plan or just those for the risks that you have evaluated as unacceptable? Can you help?
  • Requirement for vulnerability scanning

    I want to verify in what part of the ISO compliance that will require a company to do 3rd party scanning for vulnerability assessment and penetration testing...
  • Standard for BCM

    1. Is there another standard for BCM, or is this THE standard to follow?
  • Changing template content

    I would like to change the methodology for a risk assessment, so I need to change some properties for columns in the document 07.1_Appendix_1_Risk_Assessment_Table_Integrated_EN. I need to change the formula for the risk calculation and also the controls for permitted values for the columns Consequence and Likelihood. How can I do this?
  • Information protection

    I have a client who is going to sell information over the Internet and asked me how to prevent that information from being leaked to third parties. What controls do you suggest?
  • ISO 22301 and NIST 800-34

    Need to create a BIA. I was given NIST 800-34 to follow but it's confusing; will your templates mirror NIST 800-34?
  • Main control activity

    By key control, I mean the main control activity. For example, in an access provisioning process, the key control activity would be the part where the provisioning actually takes place.
  • Is ISO 27002 acquisition necessary?

    Is it necessary to purchase the 27002 standard, or are its contents completely contained in Annex A of 27001?
  • Change management

    Please describe change management.