Our company is currently in the phase of performing gap analysis, performing risk analysis, creating the SOA and creating the RTP. How do we do these stages?
Threats vs vulnerabilities
I am working with a project team to develop a Risk Assessment table for my company. Something I am struggling with is how to define threats, how to define vulnerabilities, and how to tell the difference. Can you provide any guidance on these questions?
ISO 27001 interpretation of A.8.2.1
I'm in possession of the ISO standard document, and I see the annex with the description of each clause, but is it the purpose that we would, for instance (see A.8.2.1), control whether the information is classified in terms of legal requirements, value, criticality and sensitivity to unauthorized disclosure or modification? Or how should I interpret it?
ISO requirements for changing passwords
We are developing a “password policy” now and have a question about it. We want to add the following paragraph to the policy: all system-level passwords (e.g. root, enable, NT “Administrator”, etc.) must be changed at least every 90 days. Is this not contrary to the requirements of ISO? What are the ISO requirements or recommendations about it?
In which step of ISO implementation to write documents
I have a query and am not very clear on this. Please tell me in which phase or step of ISO implementation we write all the policies and procedures. Is it during scope creation, during risk assessment, or during control implementation? Can you please explain why it is better to create policies during that specific stage (e.g. if created during the scope stage) and explain with the help of an example?
Management in ISO 27001 / ISO 22301
Dear Sir, I need management in ISO 27001/22301; I want to learn management.
Risk analysis for a pharmaceutical company
Methodology for carrying out risk analysis of a pharmaceutical factory. What are the requirements for such a risk analysis?
Get the certification
We are in the middle of an ISO 27001 certification project and we have one technical question. We have developed 100% of the Risk Assessment, the SOA and the Risk Treatment Plan. Our SOA states that we need over 100 controls. We have implemented 60 so far, so there are 40 controls planned for 2017 in the RTP. Can we get the certification now, without those 40 controls, even though they are planned?
IT experience
I am new to this area and interested in mastering this domain. Can you please guide me? I am a Senior IT Engineer (network and telecom) and have 12+ years of experience in IT/Comms/Data center projects.
From which country should the certification body be?
I am now working on the process of getting ISO 27001 certified. Now I wonder how to select a certifying agency to do the certification. My company is in India and I would like to get certified by an agency in India. Would it be an issue if I got certified by an agency in another country (say Dubai)? Is that going to be an advantage? Is it mandatory to have a company certified by a certifying authority in the same country?