ISO 27001 & 22301 - Expert Advice Community


  • Scope of the internal audit

    I’m trying to figure out how to write the scope for each standard that we are doing for our internal audit. What components need to go in it?
  • How many times to list an asset on the risk assessment table

    I have just watched the video on how to prepare the risk assessment table. When preparing the risk assessment table, does every single asset in the organisation need to be listed, or each type of asset? For example, if there are 10 laptops and 100 desktop computers, should there be 110 assets listed on the risk assessment table, and all 110 have their own set of threats and vulnerabilities, or list 2, 1 for the laptops and 1 for the desktop computers, so there are 2 sets of threats and vulnerabilities, one for each 'type' of asset? Thanks
  • Certify ISO 22301 methodology?

    I do have one question though: as a former auditor, have you come across an organization that only wanted to certify their ISO 22301 methodology? From what I understand, it's the whole company that is being certified. In other words, could an auditor certify just a process (e.g. BCP)/methodology being used to implement BCP?
  • How detailed should be the risk assessment?

    1) Does the risk assessment need to be so detailed?
  • Is ISO 27001:2013 consistent with HLS?

    Is ISMS 27001:2013 consistent with HLS structure?
  • Are assets taken into account in ISO 27001:2013?

    In ISO 27001 version 2013, are assets taken into account to evaluate the risks, or are the risks evaluated directly without first doing an asset inventory?
  • Including employees in the inventory of assets

    I need to ask about the inventory of the assets. It says I need to copy the assets from the Risk Assessment Table. In the Risk Assessment Table, I had mentioned employees also as an asset. So, in the Inventory, do I need to mention employees too?
  • Security controls for E-Commerce?

    1. Is there any clause in ISO standards which talks about security protocols in E-commerce...?
  • Security policy for thousands of employees

    I would like to ask how to ensure that an existing security policy is well enforced in a company?
  • Questions about the backup policy

    We store all our data in secondary backup, actually TWO secondary backups, just in case.