How are Risk assessment table and Risk treatment table different?
From what we see, the risk assessment table and the risk treatment table are basically the same on page 1; on the treatment doc there is obviously the extra treatment and controls section. Is there a reason for this, or can it be done all in one document?
Acceptable level of risk
Just wanted to understand. Is there an acceptable level of risk?
ISO 27001 records of implementation
Can I conclude that among the following comprehensive list the Risk treatment plan is the evidence of “Records of implementation” when implementing the required controls?
Datacenter procedures
I am looking for the procedure on data center asset management or the procedure for auditing fixed assets in a data center. I think it may come under the DCIM process, but I can't find any reference to it on your website.
ISO 27001 Controls and Control Objectives
Please present how many controls and how many control objectives there are in ISO 27001.
Information Security metrics
I need to know how to define metrics for measuring ISO 27001?
Toolkit application
I would appreciate any suggestions for better utilization of the toolkit at this time, when I do not have a practical environment in which to implement it.
Applicability of ISO 27017/27018
1 - ISO 27017/27018 cover cloud services; are these only for data centers?
Protecting assets with multiple security levels
If we have 2 completely similar assets (for example, 2 similar databases which are used for different customers) but the consequences of problems are not the same (for example, because of the different importance of the customers), should we consider them as different assets and dedicate 2 different lines to them in the risk assessment table? My suggestion was grouping them as highly/medium/low sensitive (databases/contracts…), putting these groups as assets in 3 rows, and keeping the detailed asset information in the inventory of assets table. Do you think that this is a correct approach?
Assets, Threats and Risk assessment
1 - There are some duties which are somewhat sensitive (e.g., the company's obligation payments), and not doing them on time can cause problems in terms of legal actions by interested parties against the company, like lack of availability. How can these affect our risk assessment process?