Get a 20% discount on the first year of the Company Training Academy annual plan.
Limited-time offer – ends April 24, 2025
Use promo code:
CTA20

ISO 27001 & 22301 - Expert Advice Community

Home / ISO 27001 & 22301

Discussions

Top Contributors

Expert

Rhand Leal

4151
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit ISO 9001 Risk Assessment Product: ISO 13485 Documentation Toolkit ISMS Internal Audit register of requirements Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit Product: ISO 27001/Risk Assessment Table ISO 9001:2015 ISO27001
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Implementation of ISO 27001 already having a QMS (ISO 13485) in the company

    Dear Dejan,

    I am in charge of implementing ISO 27001 in the company. For this purpose, we have purchased the ISO 27001 Toolkit from Advisera, exactly ISO 27001 Documentation Toolkit English (with extended support).

    In our case, we have a question that we would like to clarify with you, as we are sure you have seen more cases like this in many other companies.

    *** is a small company (around 20-30 people) that is in a growth and expansion phase (in the next few years). As we are a manufacturer of custom-made medical devices, we have a Quality Management System according to ISO 13485 (applicable to medical device manufacturers) in place in the company.

    Now, in defining and implementing ISO 27001 using the materials provided by Advisera, we see that there are many overlapping aspects between ISMS and QMS. Our doubt is to know if you recommend us to maintain two totally separate systems or to unify them into one. What would be more recommendable for the company now and in the long term?

    My question is focused on the fact that you provide us, for example, with a procedure for internal audits, documentation control, management review, which are similar to the ones we already have but with quite different approaches. So, we don't know if it would make more sense to have the ISMS totally separate from the QMS and have these procedures totally separate, each with its own Scope, or to try to unify to have a single procedure for internal audits, management review, document control...

    What would you recommend in this situation?

    Thank you very much in advance.

     All the best.

  • ISO 27001 Audit

    Hi - I have a question regarding the ISO 27001 audit.

    My company is going through this audit process.

    We are currently going through a restructure in our People team and have 2 junior people in the department. We are in the process of recruiting an HR manager but will have the junior staff in the interim so no senior HR person within the business.

    Would we fail on an audit because of this?

  • ISMS Roles and Organisation within Conformio

    I’m trying to set up the ISMS organization roles for the ISO27001. Are there any guidelines about the necessary roles? Or some examples of how ISMS organization should look like and map to the Conformio roles?

  • Statutory, regulatory, and contractual requirements (clause A.18.1.1)

    Hope you can help me with a question. On your website the document below is listed among the mandatory documents:

    Statutory, regulatory, and contractual requirements (clause A.18.1.1)

    However in the toolkit file “List_of_documents_ISO_27001_Documentation_Toolkit_EN” it is not mentioned.

    Also I cannot find a template in the toolkit. 

    Could you please confirm on whether this document is Mandatory or not and provide a template?

  • ISMS and BCMS

    I am delighted to be able to start implementing the ISO 27001 standard. I have several questions as I begin to complete your documents:

    1. In the document "PROCEDURE FOR THE CONTROL OF DOCUMENTS AND RECORDS", I have to choose between ISMS and SMCA.

    When filling out the "PROJECT PLAN", I read one of your comments "Delete this text and the table if business continuity management is not part of the project."

    Can we do both with your kit? Does choosing the ISMS automatically include the SMCA?

    2.In the document "PROCEDURE FOR THE CONTROL OF DOCUMENTS AND RECORDS", we must define the Title of a post ensuring the conformity of the documents.

    We are 5 in the company. I am the founder and I took charge of the file. Should I put my name, my post of "President" or other.

    Can I put my role in this "Quality Manager" project?

  • ISO 27001 certification question

    I have a question if the company is certified with iso 27001 does it mean that it's complying with all other regulations or board

  • Change in ISMS

    What i also need, is a template, how i can documentate a change in the ISMS, not in general change management.

  • ISO stand out

    I want to know what makes ISO 27001 stand out among the KSA cybersecurity regulation, what controls are not included in NCA ECC that makes ISO 27001 stands out

  • Third party requirement

    What a third-party requirement is when they work for an ISO 27001 company? Do they also need to be ISO 27001 certified?

  • Minimum requirements for A.17 controls

    Mi duda es como atender o cuales son lo mínimo a nivel de documentos, que debo tener desde seguridad de la información para atender los controles que corresponden a la A.17 en el ISO 27001:2013
Page 40 of 544 pages