
ISO 27001 & 22301 - Expert Advice Community


  • Register of legal, contractual and other requirements

    1 - For the Register of legal, contractual and other requirements step: what exactly should we do in this step?

    2 - For ISMS Scope: we're not sure what to include and what to exclude! Do we have to include all our 14 subsidiaries? Do we need to exclude something or some departments?

    3 - For Asset inventory: do we need to identify all assets we have? Or assets we provide? Or assets we’re using/purchased?

    4 - For IT Security policy: is it only one global policy, or do we need to add related policies (backup policy, cloud policy, data destruction policy, ...)?

  • Is antivirus software requirement for companies seeking ISO 27001 certification?

    In working with my current company through their ISO 27001 audit, I wanted to ask if antivirus software is a requirement for companies seeking ISO 27001 certification. We are currently operating almost entirely out of the cloud on Mac devices, so we wanted to ask if we had to get one before the audit.

  • Requirements in Document Wizard

    1. Why can I select only one person to approve my documents? We have more people, so I am not sure how to handle this in our organization. 2. How are the risks and requirements listed in each step addressed in each policy? Do I need to do something on my side or reference them in specific paragraphs? How do I know which paragraph in the document covers which risk or which requirement, so that when I am asked how we are treating those risks or requirements, I can show them?

  • Does risk treatment table need to be separate from risk assessment table?

    Does the risk treatment table need to be separate from the risk assessment table? It seems to me that columns on treatments and treated risk values can be added to the unacceptable risks in the risk assessment table, and this can avoid duplication. What do you think?

  • Content and scope of External Threat Monitoring

    At present, the most immediate question I have is this: what is the content and scope of External Threat Monitoring? Would it be adequate to comply with the US FISMA Act 2002 (it is a US Act but is adopted worldwide as a best practice), and, as part of FISMA compliance, should we adopt NIST's standards, namely FIPS 199, FIPS 200, and NIST 800? External threat monitoring: [job title] is responsible for monitoring suppliers, manufacturers, and security reference groups in order to identify external threats that can impact applications and systems, and [job title] must select actions to be taken in case new threats are identified.

  • ISO 27001 is being revised: Which standard revision should you implement?

    Are you sure they fall in 13 and the revision comes in 22? Your question doesn't expect me to ponder after 15.

  • ISMS SCOPE DOCUMENT

    Hope you are doing well. I have some questions about the ISMS scope. The ISMS SCOPE DOCUMENT does not include the following, which you mentioned in your book "Secure & Simple": ISO 27001 says you have to do the following when defining the scope: take into account internal and external issues defined in clause 4.1; take into account all the requirements defined in clause 4.2; consider interfaces and dependencies between what is happening within the ISMS scope and the outside world. The last point also needs more clarification on how to do it, I mean another method rather than a diagram.

  • Management review for ISO27001

    I just had a workshop on ISO 27001 Lead Implementer. As preparation for the audit, I need to prepare a management review. I would like your advice about the steps needed for creating this document in ISO 27001.

  • ISO 27001 Conformio questions

    1. In case we have to abide by requirements in several states because we are doing business with both, how should we handle these requirements in the context of ISO 27001 implementation? 2. In case we have defined a security objective and we fail it (i.e., our target was to decrease the number of incidents, and we see that they have risen), will this hamper my possibility of obtaining the certification? 3. How do we select a certification body?

  • How can we move to 27001?

    I have a question regarding the effort to move from the old version of 27001:2013 to the new one. What effort/resources should we plan? We have had 27001:2013 implemented for 10 years... Do you have a guideline on how to proceed?