My company is a cloud provider with an Infrastructure as a Service (IaaS) model. In simple terms, we rent servers, networks and security appliances to our customers. We keep the hardware and underlying infrastructure running, and our customers upload their data to the servers and control who has access to it.
Training and awareness statements in the Information security policy
In your information security policy template, what do these two statements mean and how are they different?
Alternative options for treating unacceptable risks
In the case of a simple risk assessment where the risk score is computed by adding impact and likelihood, it may happen that (implemented or to-be-implemented) controls reduce the likelihood but not the impact. If the risk score is above the acceptable level of risk, what actions could be taken, please, other than accepting the risk?
Monitoring and reporting for security metrics?
Can you explain what monitoring and reporting for security metrics is?
Questions about ISO 22301/BS 25999 Toolkit
I have read through the offering for ISO 22301/BS 25999 Toolkit. I have a few questions though.
Shredding CDs and USB memory sticks
What can I do to shred CDs and USB? We have some goods in store, many things, and we want to have a form to destroy the items, for which there wasn't any list in the store. I have already applied ISO 27001 based on my organisation's needs and your documents.
What kind of information is of external origin?
My question is about the "Documents of external origin" section in the Procedure for document and record control document.
Disaster vs. Incident
What is the difference between an incident and a disaster? Can you give some examples of both of these?
If I do pen test, which controls from Annex A can be covered?
As there are more than 100 controls in ISO 27k, which of those can be covered by performing penetration testing? So if I do a pen test, which controls from the 100+ can be covered?
Implementing ISO 27001 in an SMB start-up company
If possible, I would like to know more about an SMB start-up company implementing this standard and how important it is for them.