ISO 27001 & 22301 - Expert Advice Community

  • Controls from section A.11.1

    Which document should cover a11, a11.1, a11.1.1 - 1.6 etc., that's all the physical parts? I can't seem to find a document where this is addressed.
  • ISO 27001 Annex A structure

    I wanted to know if you could help me by telling me why Annex A of ISO 27001 starts at clause A5.
  • ISO 27017, ISO 27018 and certifications

    So v2013 is pretty much fully evolved. But it needs a new sentence - Ensure your cloud provider is certified to 27017 for security and 27081 for privacy?
  • Roles and responsibilities

    Would you have a template for this: Definition of security roles and responsibilities A.7.1.2, A.13.2.4?
  • Segregation of duties

    Hello, we have your templates we bought last year. We just went through stage 1 and they highlighted that we are missing a6.1.2 segregation of duties. I wondered which template/document that was addressed in; perhaps I removed it or simply didn't fill in that section.
  • Applicability of control A.14.1.3

    In my company, we don't have online financial transactions and have some web applications. Is A.14.1.3 applicable?
  • Asset owner and risk owner

    What is the difference between the asset owner and the risk owner?
  • Information labelling

    In the Information Classification Policy under the Information Labeling section there is a statement that one should display the confidentiality level in applications and databases on the system access screen. We are having a hard time putting this into practice for let's say a database being accessed through a 3rd party tool like pgadmin or other 3rd party software where we do not control the appearance.
  • Cyber Security Policy

    I work in XXXX with one of the Financial Services Organizations. We are working on improving our Information Security overall and surely enhancing policies/plan and controls too. My management is expecting a Cyber Security Policy also to be written separately along with the Information Security Policy. I know that the Cyber Security Policy is a subset of Information Security, as Information Security covers all aspects of Cyber Security too. Is it advisable to write a separate Cyber Security Policy document even though we already have an Information Security Policy document available? If yes, what are the points to be taken care of in the Cyber Security Policy? Please provide some guidelines on it.
  • Scope definition

    Can purchasing be excluded in the Scope?