I’ve recently passed the ISO 27K1 Foundation exam. Now I’m planning for the ISO 27K1 Lead Auditor course and exam. I have a query regarding it. After I pass the ISO 27K1 Lead Auditor exam from Advisera, am I able to audit companies for ISO certification and provide certification? I was checking the PCEB exam too, but the criteria seem different from Advisera’s. Please advise.
Conformio and Annex A controls
I have a client who signed a contract with a big company some time ago. This client was part of a big *** advertising group and benefited from all the resources of the group, but now he has become independent and has to implement the requirements defined in the contract in order to comply with the contract he signed before.
Therefore, he asked me to implement the requirements of the contract as a priority.
Here are the security policies and articles that I need to put in place first.
I don't know if they can be handled separately or whether I should follow the step-by-step procedure.
Let me know if you need more information.
Policies to be put in place:
Data backup policy
Business Continuity Planning Policy
External parties policy
Data classification policy
Security patch management policy
Cryptographic standard
Access Control Policy
Remote Access Control Policy
Physical and Environmental Security Policy
Security and Privacy Incident Response Policy
Articles: A.12.2.1, A.15.1.1, A.15.1.2, A.16.1.1, A.16.1.2, A.16.1.3, A.16.1.5, A.17.1.1, A.17.1.2, A.17.1.3, A.18.2.1, A.7.1.2, A.7.2.1, A.7.2.2, A.7.2.3
Mapping of requirements on controls
Here’s another question about the mapping of requirements on controls.
We have a customer requirement that relates to regular reporting on the effectiveness of the ISMS. I think it would be appropriate to map this onto controls A.18.2.*. From the mapping document this does not seem to be possible. There is no corresponding ‘Compliance’ area that can be selected. Actually, A.18.* controls are absent from the mapping altogether, as is the case for the A.7 Human resources controls.
Should a compliance area not be selectable in the requirements register, and should A.18.* not be mapped as a result of mapping onto this area? Or any other area?
Performing Information security and POPIA compliance gap analysis
Good day Dejan, I have been going through your materials and I am about to purchase the ISO 27001 Documentation Toolkit English (with live expert support),
because I have received the message below from a potential client.
Hi, I have a client who would like us to submit a proposal to perform Information security and POPIA compliance gap analysis.
The overall purpose of this analysis is to identify the level of compliance and potential gaps that might exist from an Information Security perspective when measured against ISO 27000, and Data Privacy as measured against POPIA.
Deliverables
1. Report of Cyber Security Gaps along with the recommendations and a roadmap to resolve these gaps
2. Report of POPIA Compliance Gaps along with the recommendations and a roadmap to resolve these gaps
3. Presentation to the client of the findings of the Audit exercise
4. A penetration test report
Response Requirements
The following should be included in the response:
• Approach
• Specific Deliverables
• High-level timelines
What do you advise as to how to proceed with responding to the approach and specific deliverables?
Question about GRC committee
I hope this email finds you well. I have a question: we will be creating a GRC committee, so I need to know what first steps should be taken with the committee, as an information security officer. Also, what should the management representatives be asked to do first, and so on?
Asset inventory
When writing and preparing an asset inventory, should we write the name of risk owner/asset owner or the role?
Do we need separate Cloud Security Policy?
If our business is SaaS and it's all in the cloud, for example.
Currently, we need to have an Information Security Policy as the required document. But do we need a separate Cloud Security Policy?
Revision to 27002 question
I read with great interest your Blog on the Revision Changes to 27002.
Is it perhaps possible to share with me whether EACH control will refer to the required elements as well as the 5 control attributes in relation to determining appropriate process guidelines?
A.5.1.1 Policies for Information Security
We have a customer requirement that we would like to include in the Information Security Policy. I will map it onto the area ‘Setting top-level information security objectives and intentions’, but would also expect control A.5.1.1 Policies for Information Security to be triggered. From the mapping document this does not seem to be the case. Actually, A.5.* controls are absent from the mapping altogether, as is the case for the A.7 Human resources controls.
Should A.5.* not be mapped as a result of the area I mentioned? Or any other area?