ISO 27001 & 22301 - Expert Advice Community

Home / ISO 27001 & 22301

Discussions

Top Contributors

Rhand Leal

Carlos Pereira da Cruz

Dejan Kosutic

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 ISO 9001 Risk Assessment Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit Product: ISO 13485 Documentation Toolkit ISMS register of requirements Internal Audit Product: ISO 27001/Risk Assessment Table Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit Certification ISO 14001

Sort by:

Select

CREATE NEW TOPIC +

Guest

Guest

Create New Topic As guest or Sign in

Business department* About business* Organization size*

Title *

Body *

HTML tags are not allowed

Category *

Select

Tags

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Assign topic to the user

Select user

Information classification
I have a difficulty right now to understand how to classify Information with regard to documents.
Control justification on SoA
I have additional question. Is “Justification for selection/non-selection” column mandatory or voluntary to use?
Legal requirements
For the “control objective A.18 – Compliance with legal and contractual requirements” – does this need to include other legal requirements or is it just those relating to information security. For example should the legal register hold reference to the Companies Act and other Financial Regulations – as these are not specifically related to information security.
Alcance ISO 27001
"Mi pregunta esta orientada a la iso 27001. Para poder certificarse debe participar toda la empresa o solo el area it?"
Prospective questionnaires
I sometimes receive questionnaires from prospective customers to assess our level of security.
Non permitted technology strategy
One fast question as I have to have a draft for a customer by Friday on the following and I’m curious where I should put this within the existing toolkits:
ISMS scope on cloud environments
I am working in a company which delivers an iPaas located on Azure (Azure is already ISO 27001 certified). What is the difference between the ISMS scope for an iPaas and a SaaS?
Cryptography controls
I do have another question as well. In Statement of Applicability template there is a following row:
Filling SoA template
I have a question about Statement of Applicability template. It has a column called "Justification for selection/non-selection" and you have commented it "Based on risk assessment results, contractual and legal obligations.". Could you please give further guidance for this column? I'm not sure what should I fill in this column.
Filling Risk Treatment Table
Could you also provide guidance for what should be inserted in Acceptance of Residual Risks columns? Especially Vulnerability, New impact, new probability and Residual risk columns.