ISO 27001 & 22301 - Expert Advice Community

  • ISO 27001 roles

    1 - Can I replace {job title} with Senior Management in some cases?
  • Risk assessment

    Should I include threats/vulnerabilities for which I've already implemented controls? For example on an internal application say the threat is data loss and the vulnerability is a dependence on a single server for this application. I have backups, which we consider to be properly de-risking, but should I list this in the risk assessment just to have it documented?
  • ISO 27001 certification and training

    1 - Information about the ROADMAP of the ISO 27001 Certification
  • Interview about ISO 27001

    I am pursuing an MS in Cyber Law and Information Security and I want to know what types of questions are asked related to ISO 27001 in an interview?
  • What to do about assets and risks that change after risk assessment

    Hi Guys, please can you help advise me here. We have completed the risk assessment and the asset owners are populating the risk treatment table with treatment options. However there was a good number of months between completing the risk assessment and where we are today. As a result the assets have changed in several departments meaning some items in the current risk assessment are not relevant. It also means any new or replaced assets need to be re-assessed. So the question is:- 1) Do we just delete those irrelevant risks from the inventory of assets, risk assessment table and the risk treatment process, and just deal with the new assets in next year's overall risk assessment? 2) Or do we update those documents according to document control procedures and (i.e. update the asset inventory; risk assessment table to reflect new and removed assets; apply the treatment to the new assets)?
  • Controls implementation, SoA and audit

    Will it be the expectation of our auditor that all of the controls deemed in scope for the SoA will be in place for the stage 1 and 2 audits? Or is there some timescale allowed that controls are implemented during the process?
  • How to master ISO 27001

    How to master ISO 27001:2013, what is the reading methodology? Please guide.
  • Risk process outputs sample

    I have purchased your toolkit and it has been very helpful. I am in the process of implementing ISO 27001 in our bank. What will be of great help to me is a sample risk identification, risk assessment and risk treatment for a bank. I am having a hard time with these processes.
  • ISO 27001 certification

    1 - Can you please advise about the correct path to follow, and how to get the certification for my services?