ISO 27001 & 22301 - Expert Advice Community




  • Who should be the asset owner

    We have purchased your ISO27001. We are at the point of creating the Risk Assessment Table. We have also watched the video of this area. The 2 questions we are divided on are:

    1. A user of a laptop or computer - do the assets need to be listed separately with the individual user?

    2. If yes, then every user would need to be presented as a group or individually to offer feedback on risks that they feel are individual to them for that asset? Correct? Would be interested in any feedback. Thanks

  • Change management process

    I just want to know whether, without a change management process in the IT helpdesk, it is possible to get ISO 27001.

  • ISO 22301 certification process

    Can the organization be certified to ISO 22301 partially? For example: only certified in the head office, or only certified in a certain service, or certain departments (business units). What do you propose on the scoping for a first-time ISO 22301 certification process?

  • ISO 27001 and SOC1

    Is there any connection of ISO27001 with SOC1?

  • Scoping for ISO 27001

    I want to ask about scoping for the ISO 27001 standard. I want to know whether we can go with "production network" as the scope for certification, not the entire network of our company.

  • Policy structure and documentation

    Is there any recommended way to document a policy? Let's say, when developing a Mobile Device and Teleworking Policy, one should ensure the following elements are defined for each policy:

    Policy Statement / Purpose




    Document history

    Date released and by who

    Date reviewed and by who

    Date approved and by who



  • Security levels to have in the company

    What are the security levels to have in the company, type initial, medium, advanced? We are implementing information security in the company, and I need to know and understand how the security levels work and what do I need to have to reach each level? Can you help me with information?

  • Defining Scope

    How to define The ISO27001 Scope. I'm working for a hybrid company (~300 employees), 8 global locations, we offer cloud management services, and it's difficult to properly define the Scope.
    What should be included in the Scope?

  • Information security in project management

    I was wondering what information security in project management means practically. I am thinking that information should be protected by ensuring least privileged access rights, physical access security, etc - would this be a correct analysis of this control please?

  • ISO 27001 Lead Auditor course

    Hello. I was an IT Auditor in my previous job and currently I am in security compliance. I want to take CISA, then after passing, I will take ISO 27001 Lead Auditor. Do you think these two certifications are good? Or should I take the ISO 27001 Lead Auditor certification only? I just want to hear comments from the expert. :) In addition, I want to focus my career path on audit but on the side of security.
