ISO 27001 & 22301 - Expert Advice Community

Home / ISO 27001 & 22301

Discussions

Top Contributors

Expert

Rhand Leal

4148
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 ISO 9001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit Risk Assessment Product: ISO 13485 Documentation Toolkit ISMS register of requirements Internal Audit Product: ISO 27001/Risk Assessment Table Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit Certification ISO 14001
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • What to do about assets and risks that change after risk assessment

    Hi Guys, please can you help advise me here. We have completed the risk assessment and the asset owners are populating the risk treatment table with treatment options. However there was a good number of months between completing the risk assessment and where we are today. As a result the assets have changed in several departments meaning some items in the current risk assessment are not relevant. It also means any new or replaced assets need to be re-assessed. So the question is:- 1) Do we just delete those irrelevant risks from the inventory of assets, risk assessment table and the risk treatment process, and just deal with the new assets in next year's overall risk assessment? 2) Or do we update those documents according to document control procedures and (i.e. update the asset inventory; risk assessment table to reflect new and removed assets; apply the treatment to the new assets)?

  • Controls implementation, SoA and audit

    Will it be the expectation of our auditor that all of the controls deemed in scope for the SoA will be in place for the stage 1 and 2 audits? Or is there some timescale allowed that controls are implemented during the process?

  • How master ISO 27001

    How to master ISO 27001:2013, what is the reading methodology.. Please guide

  • Risk process outputs sample

    I have purchased your toolkit and it is has been very helpful. I am in the process of implementing ISO 27001 in our bank. What will be of great help to me is a sample risk identification, risk assessment and risk treatment for a bank. I am having a hard time with these processes.

  • ISO 27001 certification

    1 - Can you please advice about the correct pat to follow, and how to get the certification for my services?

  • Internal Audit Checklist

    1 - On Appendix 3 – Internal Audit Checklist for ISO 27001 and ISO 22301 there is evidence column to fill. Based on document template, what can we fill on there column?

  • Security in SDLC

    Are any ISO policies directly related to SDLC (requirements, plan, design, code, test, release) ? We want security testing built into the SDLC. Is it the A_14 Secure Development Policy?

  • ISO 27001 implementation project

    Hi, I would like to create a project so it is clear for the company which steps they have to take and what they should do to get ISO 27001 certified. Can you help me with this?

  • Risk Assessment and Treatment

    1 - For the Risk Assessment and Treatment report, do all of the identified risks have to be resolved/completed ​prior to certification ​or does having a timeline of completion okay.
Page 403 of 542 pages