ISO 27001 & 22301 - Expert Advice Community

  • Attesting to ISO 27001 compliance

    I understand that to be properly “ISO 27001 certified” only an accredited certification body / organization can perform such a task (and issue a certificate, etc.).
  • Risk management from a remote location

    Is it possible to perform risk management (risk assessment, risk treatment) and implementation of controls from a remote location?
  • How to calculate residual risk

    How do you calculate residual risk? I have a risk that causes two sub-risks. Now, will the value for the top-level risk be the sum of the two risks, or can the top-level risk have a value of its own?
  • Process-based vs control-based audit

    What is the approach to auditing 27K? Do auditors audit business processes and check the application of the controls on them or do they look at each control and check their application across the organization?
  • Performing risk analysis, SoA and RTP

    Our company is currently in the phase of performing gap analysis, performing risk analysis, creating the SoA and creating the RTP. How do we do these stages?
  • Threats vs vulnerabilities

    I am working with a project team to develop a Risk Assessment table for my company. Something I am struggling with is how to define threats, how to define vulnerabilities, and how to tell the difference. Can you provide any guidance on these questions?
  • ISO 27001 interpretation of A.8.2.1

    I'm in possession of the ISO standard document, and I see the annex with the description of each clause, but is the purpose that we would, for instance (see A.8.2.1), control whether the information is classified in terms of legal requirements, value, criticality and sensitivity to unauthorized disclosure or modification, or how should I interpret it?
  • ISO requirements for changing passwords

    We are developing a “password policy” now and have a question about it. We want to add the following paragraph to the policy: all system-level passwords (e.g. root, enable, NT “Administrator”, etc.) must be changed at least every 90 days. Is this not contrary to the requirements of ISO? What are the ISO requirements or recommendations about it?
  • In which step of ISO implementation to write documents

    I have a query and am not very clear on this. Please tell me in which phase or step of ISO implementation we write all the policies and procedures. Is it during scope creation, during risk assessment or during control implementation? Can you please explain why it is better to create policies during that specific stage (e.g. if created during the scope stage) and explain with the help of an example.
  • Management in ISO 27001 / ISO 22301

    Dear Sir, I need management in ISO 27001/22301; I want to learn management.