ISO 27001 & 22301 - Expert Advice Community

  • Justification for SoA

    I am trying to fill the SoA as indicated in the video tutorial. The tutorial mentions Requirement (law, contractual requirement, etc.) and Risk. For A.14.2.1, I covered the potential problems (CIA) for existing technology (known) in the Risk Assessment. However, the secure development is a mandatory policy, and I am not sure how to include the potential problems of the introduction of a new technology (unknown) in the RA. Should I also mention “Best practice”?
  • Annex A18 controls in the documentation toolkit

    Considering your documentation toolkit, we are missing the following: Standard – A.18 Compliance, Objective A.18.2 Information Security Review, Requirement A.18.2.1 Independent review of security policy
  • Annex A5 controls in the documentation toolkit

    Considering your documentation toolkit, we are missing this entry from Annex A: Security requirements summary, Standard – A.5 Information security policies, Objective A.5.1 Information, security policy, Requirement A.5.1.1 Policies for information security, and Requirement A.5.1.2 Review of the information security policy.
  • Which clauses must be covered with particular documents?

    I’ve purchased the premium kit for ISO 27001 and noticed that the templates have references to relevant ISO 27001:2013 clauses. In many cases, the list of relevant clauses in each template is far more than what is listed here https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/ For example, at the URL above, only clause A.8.1.3 is listed. However, in the Acceptable Use Policy template found in the premium documentation kit, you’ve listed these references: ISO/IEC 27001 standard, clauses A.6.2.1, A.6.2.2, A.8.1.2, A.8.1.3, A.8.1.4, A.9.3.1, A.11.2.5, A.11.2.6, A.11.2.8, A.11.2.9, A.12.2.1, A.12.3.1, A.12.5.1, A.12.6.2, A.13.2.3, A.18.1.2.
  • Risk assessment

    In the risk assessment table, are the likelihood and consequence totals before or after including the existing controls of today?
  • Toolkit support

    1) Can you please share the recommended classification of all IS 27001/9001 documents available in the templates shared? A little confused after seeing the videos: some documents are classified as restricted and some as internal. If you can mention it for each document, it will be great.
  • Threat analysis

    1 - How shall I treat infrastructure such as the server room in our office? I am asking here because the server room itself does not threaten any information value. Is this asset supposed to be analyzed in the context of the server located there? Then it would make sense to indicate, for example, pollution as a threat. But wouldn’t it be redundant when you analyze the server itself and take pollution as a threat again?
  • Documentation review

    We are in the process of revising our documents as part of the Management Review and Continued Improvement. We know that ISO requires an ISMS Implementation Project Plan. Is this document required EVERY time we revise the "policies", or does the original document just need to be kept?
  • Procedure for document and record keeping

    Considering the procedure for documents and record keeping: