ISO 27001 & 22301 - Expert Advice Community

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Risks identification and treatment

    Considering this example: we are having our own server (in-house), but we are also using external technical support for patches and incident management by providing remote access. How to best address the problem of unauthorized access to data, potential breach of data protection, breach of confidentiality?
  • Defining BCMS scope

    If we are a small to a medium size company, Can we only implement ISO 22301 (BCMS) for the IT Department? Or we have to implement it to all company departments?
  • Threats identification

    I have an computer as an asset (note: no data/information is stored on it, we use shared folders), what are then the threats? only the loss of the device? or malfunction of system, fire?
  • ISO 27005 and ISACA RiskIT

    What do you have in the toolbox that provides a gap analysis between ISO 27005 and ISACA RiskIT?
  • Audit checklist

    Can you please share Phase 1 & 2 External audit readiness checklist urgently.
  • ISO 27017 and ISO 27018 implementation

    If our company develops software and provide SaaS service to customers( by hosting software in an cloud service provider). Also it got a development environment in xxx- developers connect to xxx and use tools for development . Is it recommended to implement - ISO 27017 OR 27018 or both ?
  • EU GDPR

    1 - Is eugdpr applicable to physical as well as electronic data??
  • Management Representative in ISO 27001:2013

    Is MR role necessary in ISO 27001:2013?
  • ISO 27001 Internal auditor course vs Lead auditor course

    If you pass the certification iso 27001 internal auditor with success, would it be easier to take an pass the iso 27001 lead auditor? Or do you need more lessons?
  • How are Risk assessment table and Risk treatment table different?

    From what we see the risk assement table and the risk treatment table are basically the same on page 1 , on the treatment doc there is obviously the extra treatment and controls section. Is there a reason for this or it can be done all in one document ?