ISO 27001 & 22301 - Expert Advice Community


  • ISMS: Controls and measures

    Hi, can someone explain to me the difference between controls and measurements? We have performed a risk assessment and we have identified risks, and now some measures/measurements are ongoing (e.g. creating a server hardening guide). Later we want to check if e.g. all servers have this hardening guide applied - is this the control or is it just an audit?
  • ISO 27001: For people and companies?

    Is the ISO 27001 certification for people or companies? How can I convince my company to pay for my ISO 27001 certification? How long do I need to take a full workout? And what is the cost?
  • Implementation steps

    When referring to implementation time, does that include diagnosis, definition of a plan, implementation and certification? Or is it solely for certification?
  • ISO 27001 implementation

    We received this question:
  • Mandatory documents for ISO 27001

    For clause 4.2 of ISO27K, there is a mandatory document about the list of interested parties. In your article (https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/) there is no list of interested parties document as required. Can you explain about that?
  • Key control activities

    Is there an explicit requirement to identify the key control activities in each process/procedure documentation? Is this something the auditors will look for?
  • Maintenance of records

    How to maintain online ISMS records for a year surveillance and next ISMS cycle?
  • Internal audits records

    I was on your "ISO 27001: An overview of the ISMS implementation process" training, and I want to clarify one subject
  • Secure Development Policy template content

    For the Secure Development Policy, in section four of your template you mention testing plans. What should be included in this document? Also, is this a mandatory document that should be created along with the Secure Development Policy?
  • Risk acceptance criteria

    Should all risk be evaluated with a risk acceptance criteria or evaluated with multiple criteria for every asset group?