ISO 27001 & 22301 - Expert Advice Community


  • Assets to consider in an inventory

    With regard to my risk assessment approach, I am preparing the asset (inventory) table. I have listed the classic assets such as clients, mobile phones, infrastructure, servers, suppliers, etc. But I am not sure to what extent I need to compile assets which are also safeguards already implemented, such as secure VPN, physical and virtual firewall solutions, anti-virus software, etc. Shall I define them as assets and make the risk analysis accordingly, although these assets are the consequence of a previous risk check?
  • Is the risk assessment done before the BIA?

    In your experience, is the risk assessment done before the BIA or after? Is it important which is done first?
  • How to describe treatment options

    I am currently working on the treatment table, and 2 of my identified risks are fire and flood. We will have a few treatments, but one I cannot complete, as below. In options I will select transfer of risks to a third party, but under means of implementation I cannot find a relevant control referring to insurance?
  • Inventory of assets

    Regarding the document Inventory of Assets from the toolkit, what should be mentioned in the Impact column? Same for notes?
  • Optimising ISMS management effort

    One of my clients is asking how to make it easier to manage his ISMS (over 4 countries). He says there are too many documents, and the information security policies and procedures are too heavy.
  • Business Continuity Plan in ISO 27001

    Why do we, or do we not, need to include the Business Continuity Plan in the ISO 27001 certification? Can we omit it?
  • ISO 27001 and ISO 9001 and information security

    Do ISO 27001 and ISO 9001 both discuss information security? Do they cover the same aspects?
  • Does internal auditor need to have a certificate?

    Is it necessary for the company's internal auditor to have this certification?
  • Risk treatment plan and SoA

    1 - I am getting confused with the Residual risk acceptance table in the SoA document. Could I be assisted with any video tutorial? I am unable to link it with the SoA and even the Risk treatment plan.
  • Segregation of duties

    I have an issue with clause A.6.1.2. My company is small; do you have some information or an example?