ISO 27001 & 22301 - Expert Advice Community


  • ISMS scope question

    As a software development company, our most important asset to protect is all customer information that flows through our networks, and that of our employees & subcontractors (who are all telecommuters). I am trying to decipher what precisely I include as part of my scope. For instance, I cannot control the security of the GoDaddy email services that we use, but I will include an "Email Policy" for all employees and subcontractors to ensure that sensitive data sent via email is properly handled. Because I plan on writing an email policy, would "email" be considered in scope?
  • Implementing business continuity management system

    What are the processes involved in implementing a business continuity management system? How do we audit the business continuity management system, and what are the processes involved in auditing a business continuity management system?
  • Creating policies and procedures: Stage of implementation

    In which stage of implementation do we start creating policies and procedures? Which are the most important security policies, and which would be created first, i.e. in what sequence?
  • Monitoring and measurement results

    How does the toolkit handle documenting the Monitoring and measurement results (clause 9.1) requirement? I see references to measuring in each document and in the SoA, but how are these measurements formally documented?
  • Asset type "Physical"

    I am currently reviewing my company's ISMS documentation and I have the following question. In the information inventory and classification methodology, the asset type is given as
  • Aligning information security objectives with business strategy

    Kindly, could you please clarify this for me? "Make sure your information security objectives are aligned with the business strategy" (ISO 27001 clause 5.1 a). What exactly does that mean? If my org is a financial company, for example.
  • Report information about compliance and audit

    I am responsible for audit and compliance in my organisation. Each month, all teams report their KPIs to senior leadership. For example, incident mgmt will report on the number of major incidents, and change mgmt on the percentage of successful changes. What can I report? Number of audits (9001, 22301, 27001, 14001, customer audits)? Volumes of NCs, OFIs?
  • Balanced scorecard

    Let me know if there is any ISO standard referring to the balanced scorecard?
  • Guide to defining the scope

    I would like to have a guide for defining the scope. Although I have the ISO 27003 guide and ISO 27001, I don't know how to write it, how to capture the requirements, and what should go in the context. How can I structure it?
  • Information assets

    Who determines what constitutes an information asset, for ISO 27001 compliance? I am battling within my organisation ... I define information assets as all information we care about, including IT equipment and physical information.