If I was to find security risks and vulnerabilities, what type of methods and security configurations would be appropriate to protect and prevent impact to systems?
Also, what types of ways can I implement and design ISMS to comply with ISO 27001?
Tools for ISO 27001 risk assessment and internal audits
How and what I can use to present information about assessing risks and conducting internal audits without the company spending money on resources, web portals, systems etc?
Supplier security according to ISO 27001
We are preparing our ISO 27001 and we would like to know if we need the security guideline no. 8 A.15? (it is a part of our ISO 27001 documentation toolkit).
Evidence about providers
Considering three providers (A is ISO 27001 certified, B is following ISO 27001 but is NOT certified, and C does not follow ISO 27001 best practices), regarding accreditation, what I really need to have as evidence that they do their job correctly?
Language requirements for an ISO 27001 certification
We would like to use English as the ISO 27001 program language – documentation, meetings, etc. but we will refer to some documentation (in German) already in place. Will this be acceptable as references and/or evidences for the final ISO 27001 certification?
Assets valuation and the information classification policy
Regarding 27001 information classification policy, if we are to implement the information classification policy using this purchased document, how we are to factor assets?
Gap analysis for ISO27001 and ISO 22301
1 - Is the gap analysis for ISO27001 also usable for ISO22301?
ISO 27001 Annex A controls and the Statement of Applicability
We have a new ISO27001 auditor who tells us that we must have all of the controls included in our SOA. We have excluded some controls, which he is now going to issue us a finding for not having them in place. Does ISO "require" that we include all controls?
Information Security Policy review
Is it mandatory to make a new yearly version of the Information Security Policy if there are no changes in the scope?