ISO 27001 & 22301 - Expert Advice Community


  • Risk acceptance

    Hello, recently we had a discussion within the software development team. As you know, control A.12.1.4 forces us to separate development, test and live fields. However, for some development tools it is not possible to separate them. Also, some projects force us not to separate them all. In this situation, can there be an exclusion for not implementing this control? What can be the metrics for implementing or not implementing this control? Thanks for your help.
  • Risk assessment and treatment

    We are using your toolkit for leading an organisation through certification.
  • Risk assessment, information labelling and security committee

    Question 1:
  • ISMS scope definition

    Can we restrict our scope of ISMS to IT Department and get certified for it for ISO 27001?
  • Annual auditing of controls

    1- Once a company has secured its ISO27K certification and is performing annual internal audits of the controls, is there any reason for it to pay for an annual external audit rather than providing the internal audit results to the firm that provided the certification?
  • Do we have to use the control A.12.1.4 for all software development processes?

    Hello, recently we had a discussion within the software development team. As you know, control A.12.1.4 forces us to separate development, test and live fields. However, for some development tools it is not possible to separate them. Also, some projects force us not to separate them all. In this situation, can there be an exclusion for not implementing this control? What can be the metrics for implementing or not implementing this control? Thanks for your help.
  • ISO 27001 implementation benefits

    Why is it important to implement the standard, and what are the consequences of not being certified?
  • IGSOC

    Do you have any IGSOC documents to help us achieve the same?
  • ISMS maintenance

    I would like to know, since my company is certified, whether your documents include a guide to maintaining ISO 27001 certification.
  • Continual improvement verification

    As per my understanding, continual improvement is only indicated in clause 10.2 of ISO 27001:2013. But I think it runs throughout clauses 4 to 10 in one way or another. How can I draft a few questions from each clause and bring out evidence accordingly?