ISO 27001 & 22301 - Expert Advice Community

  • Audit demanded by client

    Website Software Needs a Security Audit or Certification - Which One?
  • Risk acceptance criteria and acceptance level

    Is acceptable level of risk the same as risk acceptance criteria in ISO 27001:2013?
  • Filling asset inventory

    As explained in the provided video (about the Risk Assessment table), each asset may have several threats. And each threat (of the same asset) may have several different vulnerabilities. And each vulnerability may have a different consequence (from low to high). It's well demonstrated in the video for the "Laptop" asset: it has 2 different threats (flood, theft) and 3 different vulnerabilities (2 for flood and 1 for theft) with different levels of consequence (1, 1, 2).
  • Using Conformio for ISO 27002

    I’m working on an ISO27002 project for my company. Is Conformio suitable for just that portion of ISO27001?
  • Assets to consider in an inventory

    With regard to my risk assessment approach, I am preparing the asset (inventory) table. I have listed the classic assets such as clients, mobile phones, infrastructure, servers, suppliers, etc. But I am not sure to what extent I need to compile assets which are also safeguards already implemented, such as secure VPN, physical and virtual firewall solutions, anti-virus software, etc. Shall I define them as assets and make the risk analysis accordingly, although these assets are the consequence of a previous risk check?
  • Is the risk assessment done before the BIA?

    In your experience is the risk assessment done before the BIA or after? Is it important which is done first?
  • How to describe treatment options

    I am currently working on the treatment table and 2 of my identified risks are fire and flood. We will have a few treatments, but one I cannot complete, as below. In options I will select transfer of risks to a third party, but under means of implementation I cannot find a relevant control referring to insurance?
  • Inventory of assets

    Regarding the document Inventory of Assets from the toolkit, what should be mentioned in the Impact column? Same for notes?
  • Optimising ISMS management effort

    One of my clients is asking how to make it easier to manage his ISMS (over 4 countries). He says there are too many documents and too heavy information security policies and procedures.
  • Business Continuity Plan in ISO 27001

    Why do we or do we not need to include the Business Continuity Plan in the ISO 27001 certification? Can we omit it?