Present how many controls and how many objective controls in ISO 27001
Information Security metrics
I need to know how to define metrics for measuring ISO 27001?
Toolkit application
I would appreciate it if you have any suggestions for better utilization of the toolkit at this time, when I do not have the practical environment to implement it.
Applicability of ISO 27017/27018
1 - 27017/2018 cloud service, is this kind only for data center?
Protecting assets with multiple security levels
If we have 2 completely similar assets (for example, 2 similar databases which are used for different customers) but the consequences of the problems are not the same (for example, because of the different importance of customers), should we consider them as different assets and dedicate 2 different lines in the risk assessment table? My suggestion was grouping them as highly/medium/low sensitive (databases/contracts…) and then putting these groups as assets in 3 rows and keeping the detailed asset information in the inventory of assets table. Do you think that it is a correct approach?
Assets, Threats and Risk assessment
1 - There are some duties which are somehow sensitive (e.g., company’s obligations payments), and not doing them on time can cause some problems according to legal actions of interested parties against the company, like lack of availability. How can they affect our risk assessment process?
Evidence of control implementation and training and awareness program
1 - What types of records of implementation are needed when implementing the required control?
IT Code of Conduct and ISO 27001:2013
I wondered if you have any information about contents of an IT Code of Conduct?
Scope definition
1 - I'm currently studying ISMS. From an analysis perspective, you'd work top-down and choose the organisation and scope first?
Filling the risk assessment table
If I have an asset with a threat and related vulnerabilities, and I know that I will need to implement 2 or more controls to take the risk to an acceptable level, do I need to specify how much each control will decrease the risk, or is it enough to put the result on a single row?