ISO 27001 & 22301 - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Importance of the security issues

    To permeate in the organization the importance of the security issues, which is the best way, you recommend, to train/instruct/evangelize the subject?

  • Business Continuity Management System Software Checklist

    Do you have any Checklist/Criteria for selecting the right software tool for operating Business Continuity Management System that meets ISO 22301:2019 std. requirements

  • Question about auditors

    1. Does the external auditor need to sit privately with the internal auditor and see his IA plan and its IA report and verify all his findings?

    2. Does the external auditor have a commitment and or obligation to verify his findings and corrective actions taken? Or simply look into his plans and its final report.

    3. It’s well known that IA is not fully impartial and his IA report might not be a bit biased and or impacted by his senior management if he/she is not independently reporting to the highest authority?

    4. Can the Internal audit out of transparency disclose any Nonconformities to the external auditor and or any thing that the external auditor himself can not find during his short visit?

    Thanks in anticipation and appreciate your support.

  • How far is the ISO 27001/GDPR package away from being ISO 27701 compliant?

    Just out of curiosity, how far is the ISO27001/GDPR package away from being ISO-27701 compliant?

  • Incident Management Procedure

    In the Incident Management Procedure there is a section called “Managing records kept based on this document”. Unfortunately I could not find a good definition for it t determine how to handle it. It would be great if you could help me more resources about this part of policy

  • Remote Access Policy and BYOD(Bring Your Own Device) Policy

    I was asked to develop a (*Subject) for a small organisation with no more that 1500 words and it's not very specific as to have user profile A,B...etc.. and their designation, their rights and all. How do I start with it?

  • List of cybersecurity risks associated with 5G technology

    Can you provide me with an example list of cybersecurity risks associated with 5G technology?

  • Difference between ISO 27001 A.18.2.1 and 9.2 Internal audit

    What is the difference between ISO 27001 A.18.2.1 and 9.2 Internal audit?

  • Lists of potential risks for a 100% digital market place

    Do you have an example lists of potential risks for a 100% digital market place that I can use as basic reference by any chance?

    Working on the risk part (6.1 in ISO27001) where we actually build in best practices to counter potential risks pro-actively, but having a guidance list from other companies would help a lot fore mainly A9 and A10 to see if we can thinking of the right kind of risks.

    All will be adjusted to our specific platform of course, but any initial draft would be appreciated

  • Risks posed by third party’s or suppliers

    Please what are the risks posed by third party’s or suppliers? I mean examples of Information Security risks that are posed by third parties i.e. suppliers, partners and customers, for example, hardware devices such as routers, switches, telecom lines, firewalls, software applications, ICT services such as risk assessment, penetration testing, computer forensics investigations, etc,

Page 4 of 428 pages